Org.apache.cxf:apache-cxf
This hub aggregates every CVE we track for Org.apache.cxf:apache-cxf, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
0
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4MEDIUM3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting Org.apache.cxf:apache-cxf.
- CVE-2021-30468Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter7.5
- CVE-2021-22696OAuth 2 authorization service vulnerable to DDos attacks7.5
- CVE-2020-13954Apache CXF Reflected XSS in the services listing page via the styleSheetPath6.1
- CVE-2019-17573By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, whic...6.1
- CVE-2019-12423Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the servic...7.5
- CVE-2019-12406Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malic...6.5
- CVE-2018-8039It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system p...8.1
Product normalization is registry-driven with AI assist and human review. How it works