Apache Cxf
28 CVEs affecting Apache Cxf. Latest disclosed: 2026-05-22. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44930 | Critical | 9.8 | 2026-05-22 | An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates fr… |
| CVE-2012-0803 | Critical | 9.8 | 2017-08-08 | The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SO… |
| CVE-2010-2076 | Critical | 9.8 | 2010-08-19 | Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache… |
| CVE-2026-44417 | High | 7.5 | 2026-05-22 | The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code… |
| CVE-2017-3156 | High | 7.5 | 2017-08-10 | The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algo… |
| CVE-2016-8739 | High | 7.5 | 2017-08-10 | The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera P… |
| CVE-2017-5656 | High | 7.5 | 2017-04-18 | Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker co… |
| CVE-2016-6812 | Medium | 6.1 | 2017-08-10 | The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names… |
| CVE-2017-12624 | Medium | 5.5 | 2017-11-14 | Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that… |
| CVE-2026-44618 | Medium | 5.3 | 2026-05-22 | Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4… |
| CVE-2017-5653 | Medium | 5.3 | 2017-04-18 | JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows re… |
| CVE-2019-17573 | | | 2020-01-16 | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected C… |
| CVE-2019-12423 | | | 2020-01-16 | Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the si… |
| CVE-2015-5253 | | | 2015-11-18 | The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via… |
| CVE-2014-3623 | | | 2014-10-30 | Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not proper… |
| CVE-2014-3584 | | | 2014-10-30 | The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite… |
| CVE-2014-0035 | | | 2014-07-07 | The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an Encryp… |
| CVE-2014-0034 | | | 2014-07-07 | The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows… |
| CVE-2014-0110 | | | 2014-05-08 | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. |
| CVE-2014-0109 | | | 2014-05-08 | Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content… |