JAX-RS XML Security streaming clients in Apache CXF prior to 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote malicious users to spoof servers.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cxf |