CVSS: 9.8EPSS: 11%CPEs: 7EXPL: 0CVE-2019-12419 – cxf: OpenId Connect token service does not properly validate the clientId
https://notcve.org/view.php?id=CVE-2019-12419
06 Nov 2019 — Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. Apache CX... • http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 2%CPEs: 6EXPL: 0CVE-2019-12406 – cxf: does not restrict the number of message attachments
https://notcve.org/view.php?id=CVE-2019-12406
06 Nov 2019 — Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count". Apache CXF versiones anteriores a la versión 3.3.4 y 3.2.11, no restring... • http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.1EPSS: 1%CPEs: 3EXPL: 1CVE-2018-8039 – apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.*
https://notcve.org/view.php?id=CVE-2018-8039
02 Jul 2018 — It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 a... • https://github.com/tafamace/CVE-2018-8039 • CWE-248: Uncaught Exception CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 5.5EPSS: 2%CPEs: 3EXPL: 1CVE-2017-12624 – cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services
https://notcve.org/view.php?id=CVE-2017-12624
14 Nov 2017 — Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". • https://github.com/tafamace/CVE-2017-12624 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 13%CPEs: 11EXPL: 0CVE-2017-3156 – cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks
https://notcve.org/view.php?id=CVE-2017-3156
10 Aug 2017 — The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. OAuth2 Hawk y JOSE MAC en Apache CXF en versiones anteriores a la 3.0.13 y en versiones 3.1.x anteriores a la 3.1.10 no emplean un algoritmo de comparación de firma MAC de tiempo constante, lo que podría ser explotado por ataques basados en tiempo sofisticados. It was found that Apache CXF ... • http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc • CWE-385: Covert Timing Channel •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0803
https://notcve.org/view.php?id=CVE-2012-0803
08 Aug 2017 — The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. La política WS-SP UsernameToken en Apache CXF 2.4.5 y 2.5.1 permite que atacantes remotos eludan la autenticación mediante el envío de un UsernameToken vacío como parte de una petición SOAP. • http://marc.info/?l=full-disclosure&m=132861746008002 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 0CVE-2017-5653 – cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted
https://notcve.org/view.php?id=CVE-2017-5653
18 Apr 2017 — JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. Clientes streaming de JAX-RS XML Security en Apache CXF en versiones anteriores a 3.1.11 y 3.0.13 no validan que la respuesta de servicio fue firmada o encriptada, lo que permite a atacantes suplantar servidores. It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encry... • http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 3%CPEs: 2EXPL: 0CVE-2017-5656 – cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens
https://notcve.org/view.php?id=CVE-2017-5656
18 Apr 2017 — Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. Apache CXF's STSClient en versiones anteriores a 3.1.11 y 3.0.13 utiliza un modo defectuoso de los tokens de caché que están asociados al los tokens de delegación, lo que significa que el atacante puede modificar el token el cual puede devolver el ident... • http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2 • CWE-384: Session Fixation •
CVSS: 6.1EPSS: 6%CPEs: 10EXPL: 0CVE-2016-6812 – apache-cxf: XSS in Apache CXF FormattedServiceListWriter
https://notcve.org/view.php?id=CVE-2016-6812
03 Apr 2017 — The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will ... • http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 2%CPEs: 10EXPL: 0CVE-2016-8739 – apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE
https://notcve.org/view.php?id=CVE-2016-8739
03 Apr 2017 — The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. El módulo JAX-RS en Apache CXF anterior a 3.0.12 y en sus versiones 3.1.x anteriores a 3.1.9 proporciona un número de Atom JAX-RS MessageBodyReaders. Estos lectores emplean Apache Abdera Parser que expande las entidades XML por defecto. Esto representa un gran riesgo de XXE... • http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc • CWE-611: Improper Restriction of XML External Entity Reference •