2017

  • CVE-2017-7662: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks.
  • CVE-2017-7661: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.
  • CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens.
  • CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted.
  • CVE-2017-3156: Apache CXF OAuth2 Hawk and JOSE MAC Validation code is vulnerable to timing attacks.

2016

  • CVE-2016-8739: Atom entity provider of Apache CXF JAX-RS is vulnerable to XXE.
  • CVE-2016-6812: XSS risk in Apache CXF FormattedServiceListWriter when a request URL contains matrix parameters.
  • CVE-2016-4464: Apache CXF Fediz application plugins do not match the SAML AudienceRestriction values against the list of configured audience URIs.

...