cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2025-23184,https://securityvulnerability.io/vulnerability/CVE-2025-23184,Denial of Service Vulnerability in Apache CXF Software,"A vulnerability in Apache CXF could lead to denial of service due to unclosed CachedOutputStream instances. This issue may arise in specific scenarios where these instances, when tied to temporary files, fail to close properly. As a result, the affected systems—both servers and clients—could experience file system saturation, potentially hindering their operational capabilities.",Apache,Apache Cxf,5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T09:35:37.468Z,0 CVE-2024-41172,https://securityvulnerability.io/vulnerability/CVE-2024-41172,Apache CXF Memory Leak Vulnerability,"A vulnerability in the Apache CXF HTTP client conduit can lead to increased memory usage, as instances of HTTPClient may not be eligible for garbage collection in versions prior to 3.6.4 and 4.0.5. This improper memory management can result in applications experiencing significant memory consumption over time, which may ultimately exhaust available memory resources, leading to performance degradation or application crashes.",Apache,Apache Cxf,7.5,HIGH,0.0017900000093504786,false,,false,false,false,,,false,false,,2024-07-19T08:50:43.766Z,0 CVE-2024-32007,https://securityvulnerability.io/vulnerability/CVE-2024-32007,Apache CXF JOSE Vulnerability: Denial of Service Attack via Improper Input Validation,"An improper input validation vulnerability exists in the Apache CXF JOSE component, specifically related to the processing of the p2c parameter. This issue can be exploited by attackers who input excessively large values within tokens, potentially leading to a denial of service situation. Versions prior to 4.0.5, 3.6.4, and 3.5.9 are notably susceptible, allowing unauthorized access to resources through the manipulation of input parameters. It is crucial for users of affected versions to patch their installations promptly to mitigate the threat.",Apache,Apache Cxf,7.5,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-07-19T08:50:31.832Z,0 CVE-2024-29736,https://securityvulnerability.io/vulnerability/CVE-2024-29736,CXF SSRF Vulnerability Affects REST Webservices,"A security vulnerability has been identified in the Apache CXF framework, specifically associated with Server-Side Request Forgery (SSRF) attacks. This issue arises in versions prior to 4.0.5, 3.6.4, and 3.5.9 when a custom stylesheet parameter is configured. Attackers can exploit this vulnerability to manipulate REST web services, potentially leading to unauthorized access and data exposure. It is critical for users of affected versions to apply the necessary updates to mitigate the risk posed by this vulnerability.",Apache,Apache Cxf,9.1,CRITICAL,0.0023799999617040157,false,,true,false,false,,,false,false,,2024-07-19T08:50:08.265Z,0 CVE-2024-28752,https://securityvulnerability.io/vulnerability/CVE-2024-28752,SSRF Vulnerability in Apache CXF Could Allow Attacker to Perform SSRF Style Attacks,"A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. ",Apache,Apache Cxf,,,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-03-15T10:27:30.083Z,0 CVE-2022-46364,https://securityvulnerability.io/vulnerability/CVE-2022-46364,Apache CXF SSRF Vulnerability,A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. ,Apache,Apache Cxf,9.8,CRITICAL,0.040709998458623886,false,,false,false,false,,,false,false,,2022-12-13T16:20:26.765Z,0 CVE-2022-46363,https://securityvulnerability.io/vulnerability/CVE-2022-46363,Apache CXF directory listing / code exfiltration,"A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. ",Apache,Apache Cxf,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2022-12-13T14:46:55.619Z,0 CVE-2021-30468,https://securityvulnerability.io/vulnerability/CVE-2021-30468,Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter,"A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.",Apache,Apache Cxf,7.5,HIGH,0.005869999993592501,false,,false,false,false,,,false,false,,2021-06-16T12:00:18.000Z,0 CVE-2021-22696,https://securityvulnerability.io/vulnerability/CVE-2021-22696,OAuth 2 authorization service vulnerable to DDos attacks,"CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a ""request"" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the ""request_uri"" parameter. CXF was not validating the ""request_uri"" parameter (apart from ensuring it uses ""https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.",Apache,Apache Cxf,7.5,HIGH,0.0033199999015778303,false,,false,false,false,,,false,false,,2021-04-02T10:05:14.000Z,0 CVE-2020-13954,https://securityvulnerability.io/vulnerability/CVE-2020-13954,Apache CXF Reflected XSS in the services listing page via the styleSheetPath,"By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.",Apache,Apache Cxf,6.1,MEDIUM,0.28714999556541443,false,,false,false,false,,,false,false,,2020-11-12T12:45:14.000Z,0 CVE-2020-1954,https://securityvulnerability.io/vulnerability/CVE-2020-1954,,"Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.",Apache,Apache Cxf,5.3,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2020-04-01T20:07:29.000Z,0 CVE-2019-12419,https://securityvulnerability.io/vulnerability/CVE-2019-12419,,"Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client.",Apache,Apache Cxf,9.8,CRITICAL,0.01940000057220459,false,,false,false,false,,,false,false,,2019-11-06T20:18:54.000Z,0 CVE-2019-12406,https://securityvulnerability.io/vulnerability/CVE-2019-12406,,"Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property ""attachment-max-count"".",Apache,Apache Cxf,6.5,MEDIUM,0.01656999997794628,false,,false,false,false,,,false,false,,2019-11-06T20:07:27.000Z,0 CVE-2018-8038,https://securityvulnerability.io/vulnerability/CVE-2018-8038,,"Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.",Apache,Apache Cxf Fediz,7.5,HIGH,0.024059999734163284,false,,false,false,true,2018-11-19T12:14:45.000Z,true,false,false,,2018-07-05T13:29:00.000Z,0 CVE-2018-8039,https://securityvulnerability.io/vulnerability/CVE-2018-8039,,"It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(""java.protocol.handler.pkgs"", ""com.sun.net.ssl.internal.www.protocol"");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks.",Apache,Apache Cxf,8.1,HIGH,0.010950000025331974,false,,false,false,true,2018-11-19T12:08:07.000Z,true,false,false,,2018-07-02T13:29:00.000Z,0 CVE-2017-12631,https://securityvulnerability.io/vulnerability/CVE-2017-12631,,"Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given enduser.",Apache,Apache Cxf Fediz,8.8,HIGH,0.004699999932199717,false,,false,false,false,,,false,false,,2017-11-30T00:00:00.000Z,0 CVE-2017-12624,https://securityvulnerability.io/vulnerability/CVE-2017-12624,,"Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property ""attachment-max-header-size"".",Apache,Apache Cxf,5.5,MEDIUM,0.003160000080242753,false,,false,false,true,2018-11-19T10:07:55.000Z,true,false,false,,2017-11-14T00:00:00.000Z,0 CVE-2016-8739,https://securityvulnerability.io/vulnerability/CVE-2016-8739,,The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.,Apache,Apache Cxf,7.5,HIGH,0.0048699998296797276,false,,false,false,false,,,false,false,,2017-08-10T18:29:00.000Z,0 CVE-2017-3156,https://securityvulnerability.io/vulnerability/CVE-2017-3156,,The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.,Apache,Apache Cxf,7.5,HIGH,0.002589999930933118,false,,false,false,false,,,false,false,,2017-08-10T18:29:00.000Z,0 CVE-2016-6812,https://securityvulnerability.io/vulnerability/CVE-2016-6812,,The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.,Apache,Apache Cxf,6.1,MEDIUM,0.00139999995008111,false,,false,false,false,,,false,false,,2017-08-10T16:29:00.000Z,0 CVE-2017-7662,https://securityvulnerability.io/vulnerability/CVE-2017-7662,,"Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.",Apache,Apache Cxf Fediz,8.8,HIGH,0.0015699999639764428,false,,false,false,false,,,false,false,,2017-05-16T17:00:00.000Z,0 CVE-2017-7661,https://securityvulnerability.io/vulnerability/CVE-2017-7661,,"Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.",Apache,Apache Cxf Fediz,8.8,HIGH,0.0015800000401213765,false,,false,false,false,,,false,false,,2017-05-16T17:00:00.000Z,0 CVE-2017-5653,https://securityvulnerability.io/vulnerability/CVE-2017-5653,,"JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.",Apache,Apache Cxf,5.3,MEDIUM,0.0020000000949949026,false,,false,false,false,,,false,false,,2017-04-18T16:00:00.000Z,0 CVE-2017-5656,https://securityvulnerability.io/vulnerability/CVE-2017-5656,,"Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.",Apache,Apache Cxf,7.5,HIGH,0.0022299999836832285,false,,false,false,false,,,false,false,,2017-04-18T16:00:00.000Z,0