For information on how to report a new security problem, please see here.

2022

2021

  • CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
  • CVE-2021-22696: OAuth 2 authorization service vulnerable to DDoS attacks

2020

  • CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath
  • CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack

2019

  • CVE-2019-17573: Apache CXF Reflected XSS in the services listing page
  • CVE-2019-12423: Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore
  • CVE-2019-12419: Apache CXF OpenId Connect token service does not properly validate the clientId
  • CVE-2019-12406: Apache CXF does not restrict the number of message attachments

...