For information on how to report a new security problem please see here.
2022
- CVE-2022-46363: Apache CXF directory listing / code exfiltration
- CVE-2022-46364: Apache CXF SSRF Vulnerability
2021
- CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
- CVE-2021-22696: OAuth 2 authorization service vulnerable to DDoS attacks
2020
- CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath
- CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack
2019
- CVE-2019-17573: Apache CXF Reflected XSS in the services listing page
- CVE-2019-12423: Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore
- CVE-2019-12419: Apache CXF OpenId Connect token service does not properly validate the clientId
- CVE-2019-12406: Apache CXF does not restrict the number of message attachments
...