Versions Compared

Old Version 28

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version 29

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

2018

  • CVE-2018-8039: Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.

2017

  • CVE-2017-12631: CSRF vulnerabilities in the Apache CXF Fediz Spring plugins.
  • CVE-2017-12624: Apache CXF web services that process attachments are vulnerable to Denial of Service (DoS) attacks.
  • CVE-2017-7662: The Apache CXF Fediz OIDC Client Registration Service is vulnerable to CSRF attacks.
  • CVE-2017-7661: The Apache CXF Fediz Jetty and Spring plugins are vulnerable to CSRF attacks.
  • CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens.
  • CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted.
  • CVE-2017-3156: Apache CXF OAuth2 Hawk and JOSE MAC Validation code is vulnerable to the timing attacks

...