org.apache.cxf:cxf-rt-frontend-jaxrs
Maven4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.apache.cxf:cxf-rt-frontend-jaxrspage 1 of 1
- CVE-2010-2076CRITICALCVSS 9.8EG 9.8✓ Fixed in 2.2.92010-08-19
vulnerable: 2.2 ... 2.2.8 (9 versions)
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, w…
- CVE-2013-0239NONECVSS 0.0EG 0.0✓ Fixed in 2.7.32013-03-12
vulnerable: 2.7.0, 2.7.1, 2.7.2
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a Usern…
- CVE-2013-2160NONECVSS 0.0EG 0.0✓ Fixed in 2.7.42013-08-19
vulnerable: 2.7.0, 2.7.1, 2.7.2, 2.7.3
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (…
- CVE-2014-3584NONECVSS 0.0EG 0.0✓ Fixed in 3.0.12014-10-30
vulnerable: 3.0.0
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX…
Check whether org.apache.cxf:cxf-rt-frontend-jaxrs is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for org.apache.cxf:cxf-rt-frontend-jaxrs CVEs against the assets you own.
Start Free Scan →