Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cxf
(Apache)| Repositories | https://github.com/apache/cxf |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-03-15 | CVE-2024-28752 | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. | Cxf, Oncommand_workflow_automation, Ontap_tools | N/A | ||
| 2025-01-21 | CVE-2025-23184 | A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients). | Cxf | 7.5 | ||
| 2020-04-01 | CVE-2020-1954 | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is... | Cxf, Oncommand_workflow_automation, Snapmanager, Communications_diameter_signaling_router, Communications_diameter_signaling_router_idih\:, Communications_element_manager, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_base_platform, Peoplesoft_enterprise_peopletools | 5.3 |