Product: apache cxf
43 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Summary |
| --- | --- | --- | --- | --- |
| CVE-2025-48913 | < 3.6.8 | 9.8 | CRITICAL | If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to |
| CVE-2025-48795 | all versions | 5.6 | MEDIUM | Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that th |
| CVE-2025-23184 | < 3.5.10 | 5.9 | MEDIUM | A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge ca |
| CVE-2024-41172 | >= 3.6.0 and < 3.6.4 | 7.5 | HIGH | In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may preven |
| CVE-2024-32007 | < 3.5.9 | 7.5 | HIGH | An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker t |
| CVE-2024-29736 | < 3.5.9 | 9.1 | CRITICAL | A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to per |
| CVE-2024-28752 | < 3.5.8 | 9.3 | CRITICAL | A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to per |
| CVE-2022-46364 | < 3.4.10 | 9.8 | CRITICAL | A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4 |
| CVE-2022-46363 | < 3.4.10 | 7.5 | HIGH | A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code ex |
| CVE-2021-40690 | all versions | 7.5 | HIGH | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali |
| CVE-2021-30468 | < 3.3.11 | 7.5 | HIGH | A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which |
| CVE-2021-22696 | < 3.3.10 | 7.5 | HIGH | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth |
| CVE-2020-13954 | < 3.3.8 | 6.1 | MEDIUM | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i |
| CVE-2020-1954 | < 3.2.13 | 5.3 | MEDIUM | Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘cr |
| CVE-2011-2487 | >= 2.4.0 and <= 2.4.6 | 5.9 | MEDIUM | The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptib |
| CVE-2019-17573 | >= 3.2.0 and <= 3.2.12 | 6.1 | MEDIUM | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage i |
| CVE-2019-12423 | < 3.2.12 | 7.5 | HIGH | Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can |
| CVE-2019-12419 | >= 3.2.0 and < 3.2.11 | 9.8 | CRITICAL | Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect servic |
| CVE-2019-12406 | < 3.2.11 | 6.5 | MEDIUM | Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves ope |
| CVE-2018-8039 | < 3.1.16 | 8.1 | HIGH | It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pk |
| CVE-2017-12624 | >= 3.0.0 and < 3.0.16 | 5.5 | MEDIUM | Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a me |
| CVE-2017-3156 | <= 3.0.12 | 7.5 | HIGH | The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time |
| CVE-2016-8739 | <= 3.0.11 | 7.5 | HIGH | The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. Thes |
| CVE-2016-6812 | <= 3.0.11 | 6.1 | MEDIUM | The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTM |
| CVE-2012-0803 | all versions | 9.8 | CRITICAL | The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty |
| CVE-2017-5656 | >= 3.0.0 and < 3.0.13 | 7.5 | HIGH | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, wh |
| CVE-2017-5653 | >= 3.0.0 and <= 3.0.13 | 5.3 | MEDIUM | JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed |
| CVE-2015-5253 | < 2.7.18 | | | The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users |
| CVE-2014-3623 | >= 2.7.0 and <= 2.7.13 | | | Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using Tran |
| CVE-2014-3584 | <= 2.6.10 | | | The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a |
| CVE-2014-0035 | <= 2.6.12 | | | The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameTok |
| CVE-2014-0034 | <= 2.6.11 | | | The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when cach |
| CVE-2014-0110 | <= 2.6.13 | | | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via |
| CVE-2014-0109 | <= 2.6.13 | | | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a l |
| CVE-2013-2160 | all versions | | | The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to |
| CVE-2012-5575 | all versions | | | Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic |
| CVE-2013-0239 | <= 2.5.8 | | | Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled |
| CVE-2012-5633 | <= 2.5.7 | | | The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInIntercepto |
| CVE-2012-2378 | all versions | | | Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-Secu |
| CVE-2012-2379 | all versions | | | Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPo |
| CVE-2012-5786 | <= 2.6.17 | | | The wsdl_first_https sample code in distribution/src/main/release/samples/wsdl_first_https/src/main/ in Apache CXF before 2.7.0 do |
| CVE-2012-3451 | < 2.4.9 | | | Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service oper |
| CVE-2010-2076 | >= 2.0.6 and < 2.0.13 | 9.8 | CRITICAL | Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin