...
This has been fixed in revisions:
http://svn.apache.org/viewvc?view=revision&revision=1438424
Migration:
Users of CXF prior to 2.5.x should upgrade to either 2.5.9, 2.6.6, or 2.7.3.
CXF 2.5.x users should upgrade to 2.5.9 as soon as possible.
CXF 2.6.x users should upgrade to 2.6.6 as soon as possible.
CXF 2.7.x users should upgrade to 2.7.3 as soon as possible.
References: http://cxf.apache.org/security-advisories.html
----BEGIN PGP SIGNATURE----
Version: GnuPG v1.4.11 (GNU/Linux)
...