VYPR

Maven package

org.apache.cxf/cxf-rt-frontend-jaxrs

pkg:maven/org.apache.cxf/cxf-rt-frontend-jaxrs

Vulnerabilities (4)

  • CVE-2014-3584 (Oct 30, 2014)
    affected >= 2.5.0, < 2.6.11; fixed 2.6.11

    The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

  • CVE-2013-2160 (Aug 19, 2013)
    affected >= 2.5.0, < 2.5.10; fixed 2.5.10

    The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and

  • CVE-2013-0239 (Mar 12, 2013)
    affected < 2.5.9; fixed 2.5.9

    Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password ch

  • CVE-2010-2076 (Cri, Aug 19, 2010)
    affected >= 2.0.0, < 2.0.13; fixed 2.0.13

    Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbi