THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- CVE-2017-3156: Apache CXF OAuth2 Hawk and JOSE MAC Validation code is vulnerable to the timing attacks
- CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted.
- CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens.
2016
- CVE-2016-8739: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE
- CVE-2016-6812: XSS risk in Apache CXF FormattedServiceListWriter when a request URL contains matrix parameters
- CVE-2016-4464: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs
...