Versions of Apache CXF Fediz before 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cxf fediz |