Filter
AND
-Infinity
0
Trending
Versions
2.6.0
11
2.7.0
10
2.5.0
9
2.5.1
9
2.5.2
9
2.6.1
9
2.7.1
9
2.5.3
8
2.6.2
8
2.6.3
8
2.6.4
8
2.7.2
8
2.6.5
7
2.7.3
7
3.1.0
7
2.4.5
6
2.4.6
6
2.5.4
6
2.5.5
6
2.5.6
6
2.5.7
6
2.6.6
6
3.0.0
6
2.4.0
5
2.4.7
5
2.5.8
5
2.6.10
5
2.7.4
5
2.7.5
5
2.7.6
5
2.7.7
5
3.3.0
5
2.4.1
4
2.4.2
4
2.4.3
4
2.4.4
4
2.5.9
4
2.6.11
4
2.6.7
4
2.6.8
4
2.6.9
4
2.7.8
4
3.2.0
4
2.6.12
3
2.7.9
3
3.1.1
3
3.1.2
3
3.1.3
3
3.1.4
3
3.1.5
3
Apache CXFApache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token s…
10
First published (updated )
redhat/cxfA flaw was found in cxf in versions prior to 3.2.11 and 3.3.4. The access token services do not prop…
9.8
First published (updated )
redhat/eap7-apache-cxfApache CXF SSRF Vulnerability
9.8
First published (updated )
Apache CXFThe WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authe…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
maven/org.apache.cxf:cxf-rt-rs-service-descriptionApache CXF: SSRF vulnerability via WADL stylesheet parameter
9.1
First published (updated )
IBM InfoSphere Guardium z/OSApache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname ver…
8.1
First published (updated )
maven/org.apache.cxf:cxf-rt-transports-httpApache CXF: Unrestricted memory consumption in CXF HTTP clients
7.5
First published (updated )
maven/org.apache.cxf:cxf-rt-rs-security-joseApache CXF Denial of Service vulnerability in JOSE
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache CXFApache CXF: Denial of Service vulnerability with temporary files
7.5
EPSS
0.09%
First published (updated )
redhat/cxfApache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associa…
7.5
First published (updated )
Apache CXFThe OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10…
7.5
First published (updated )
IBM InfoSphere Guardium z/OSApache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when ship…
7.5
First published (updated )
IBM InfoSphere Guardium z/OSApache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Oracle Retail Financial IntegrationBypass of the secureValidation property
7.5
First published (updated )
IBM InfoSphere Guardium z/OSOAuth 2 authorization service vulnerable to DDos attacks
7.5
First published (updated )
redhat/rh-sso7-keycloakApache CXF directory listing / code exfiltration
7.5
First published (updated )
Apache CXFTibor Jager, Kenneth G. Paterson and Juraj Somorovsky have described XML encryption backwards compat…
7
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/cxfApache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of mes…
6.5
First published (updated )
Apache CXFApache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify t…
6.4
First published (updated )
IBM InfoSphere Guardium z/OSApache CXF Reflected XSS in the services listing page via the styleSheetPath
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
redhat/aopallianceThe implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache W…
5.9
First published (updated )
Apache CXFThe URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, wh…
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.