VYPR
High severity · 7.5 · NVD Advisory · Published Aug 10, 2017 · Updated Jun 17, 2026

CVE-2016-8739

Description

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use the Apache Abdera Parser, which expands XML entities by default and therefore represents a major XXE risk.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.apache.cxf:cxf-core (Maven) | < 3.0.12 | 3.0.12
org.apache.cxf:cxf-core (Maven) | >= 3.1.0, < 3.1.9 | 3.1.9

Affected products

12
  • Apache/Cxf (10 versions)
    • cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* (range: <=3.0.11)
    • cpe:2.3:a:apache:cxf:3.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:cxf:3.1.8:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 3.0.12
  • Apache/Apache (cpe-rescue)
    Range: prior to 3.0.12