Vulmon
apache cxf vulnerabilities and exploits
CVE-2012-5633 (CVSSv2 5.8)
The URIMappingInterceptor in Apache CXF prior to 2.5.8, 2.6.x prior to 2.6.5, and 2.7.x prior to 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote malicious users to obtain access to SOAP services via an HTTP GET request.
Apache Cxf 2.5.2
Apache Cxf 2.5.3
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf 2.5.6
Apache Cxf
Apache Cxf 2.5.4
Apache Cxf 2.6.0
Apache Cxf 2.6.2
Apache Cxf 2.6.3
Apache Cxf 2.6.4
Apache Cxf 2.6.1
Apache Cxf 2.7.0
Apache Cxf 2.7.1
CVE-2012-5786 (CVSSv2 5.8)
The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF prior to 2.7.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate...
Apache Cxf
CVE-2021-40690 (CVSSv2 5)
All versions of Apache Santuario - XML Security for Java before 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows a malicious user to abuse an XP...
Apache Santuario Xml Security For Java
Apache Tomee
Apache Cxf 3.4.4
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Flexcube Private Banking 12.1.0
Oracle Agile Plm 9.3.6
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Outside In Technology 8.5.5
Oracle Weblogic Server 14.1.1.0.0
Oracle Retail Merchandising System 16.0.3
Oracle Retail Service Backbone 16.0.3
Oracle Retail Financial Integration 16.0.3
Oracle Retail Integration Bus 16.0.3
Oracle Commerce Guided Search 11.3.2
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Retail Service Backbone 15.0.3.1
Oracle Retail Service Backbone 14.1.3.2
Oracle Communications Messaging Server 8.1
Oracle Retail Merchandising System 19.0.1
3 Github repositories
CVE-2021-30468 (CVSSv2 5)
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows a malicious user to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions before 3.4.4; Apach...
Apache Cxf
Apache Tomee 8.0.6
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Communications Messaging Server 8.1
Oracle Business Intelligence 5.9.0.0.0
Oracle Communications Element Manager 8.2.2
CVE-2021-22696 (CVSSv2 5)
CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a "request" parameter, the spec als...
Apache Cxf
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Communications Session Route Manager
Oracle Communications Session Report Manager
Oracle Business Intelligence 5.9.0.0.0
Oracle Communications Element Manager 8.2.2
Oracle Communications Diameter Intelligence Hub
CVE-2018-8038 (CVSSv2 5)
Versions of Apache CXF Fediz before 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
Apache Cxf Fediz
CVE-2015-5175 (CVSSv2 5)
Application plugins in Apache CXF Fediz prior to 1.1.3 and 1.2.x prior to 1.2.1 allow remote malicious users to cause a denial of service.
Apache Cxf Fediz
Apache Cxf Fediz 1.2.0
CVE-2017-5653 (CVSSv2 5)
JAX-RS XML Security streaming clients in Apache CXF prior to 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote malicious users to spoof servers.
Apache Cxf
CVE-2013-0239 (CVSSv2 5)
Apache CXF prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote malicious users to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a...
Apache Cxf 2.5.2
Apache Cxf 2.4.6
Apache Cxf 2.5.3
Apache Cxf 2.4.0
Apache Cxf 2.4.3
Apache Cxf 2.5.7
Apache Cxf 2.4.4
Apache Cxf 2.4.2
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf
Apache Cxf 2.4.1
Apache Cxf 2.5.6
Apache Cxf 2.4.7
Apache Cxf 2.4.5
Apache Cxf 2.5.4
Apache Cxf 2.6.0
Apache Cxf 2.6.2
Apache Cxf 2.6.5
Apache Cxf 2.6.3
Apache Cxf 2.6.4
CVE-2020-13954 (CVSSv2 4.3)
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web...
Apache Cxf
Netapp Snap Creator Framework
Netapp Vasa Provider For Clustered Data Ontap
Oracle Retail Order Broker Cloud Service 15.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Communications Messaging Server 8.1
Oracle Communications Messaging Server 8.0.2
Oracle Business Intelligence 5.9.0.0.0