CVE-2017-12624 – cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services
https://notcve.org/view.php?id=CVE-2017-12624
14 Nov 2017 — Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size". • https://github.com/tafamace/CVE-2017-12624 • CWE-20: Improper Input Validation •
CVE-2017-3156 – cxf: CXF OAuth2 Hawk and JOSE MAC Validation code are vulnerable to timing attacks
https://notcve.org/view.php?id=CVE-2017-3156
10 Aug 2017 — The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. OAuth2 Hawk and JOSE MAC in Apache CXF in versions prior to 3.0.13 and 3.1.x versions prior to 3.1.10 do not use a constant-time MAC signature comparison algorithm, which could be exploited by sophisticated timing attacks. It was found that Apache CXF ... • http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc • CWE-385: Covert Timing Channel •
CVE-2017-5656 – cxf: CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens
https://notcve.org/view.php?id=CVE-2017-5656
18 Apr 2017 — Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user. Apache CXF's STSClient in versions prior to 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that the attacker can modify the token, which can return the ident... • http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2 • CWE-384: Session Fixation •
CVE-2017-5653 – cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted
https://notcve.org/view.php?id=CVE-2017-5653
18 Apr 2017 — JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. JAX-RS XML Security streaming clients in Apache CXF in versions prior to 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows attackers to spoof servers. It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encry... • http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2 • CWE-295: Improper Certificate Validation •
CVE-2016-8739 – apache-cxf: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE
https://notcve.org/view.php?id=CVE-2016-8739
03 Apr 2017 — The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. The JAX-RS module in Apache CXF prior to 3.0.12 and its 3.1.x versions prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser, which expands XML entities by default. This represents a major XXE risk... • http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-6812 – apache-cxf: XSS in Apache CXF FormattedServiceListWriter
https://notcve.org/view.php?id=CVE-2016-6812
03 Apr 2017 — The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will ... • http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-5253 – apache-cxf: SAML SSO processing is vulnerable to wrapping attack
https://notcve.org/view.php?id=CVE-2015-5253
18 Nov 2015 — The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." The SAML Web SSO module in Apache CXF in versions prior to 2.7.18, 3.0.x in versions prior to 3.0.7 and 3.1.x in versions prior to 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a... • http://cxf.apache.org/security-advisories.data/CVE-2015-5253.txt.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3623 – CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
https://notcve.org/view.php?id=CVE-2014-3623
30 Oct 2014 — Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. Apache WSS4J prior to version 1.6.17 and 2.x versions prior to 2.0.2, as used in Apache CXF versions 2.7.x prior to 2.7.13 and versions 3.0.x prior to 3.0.2, when using Transp... • http://rhn.redhat.com/errata/RHSA-2015-0236.html • CWE-287: Improper Authentication CWE-347: Improper Verification of Cryptographic Signature •
CVE-2014-3584 – CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens
https://notcve.org/view.php?id=CVE-2014-3584
30 Oct 2014 — The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. SamlHeaderInHandler in Apache CXF prior to 2.6.11, 2.7.x prior to 2.7.8, and 3.0.x prior to 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a... • http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •