Application plugins in Apache CXF Fediz prior to 1.1.3 and 1.2.x prior to 1.2.1 allow remote malicious users to cause a denial of service.
apache cxf fediz
apache cxf fediz 1.2.0