CVE-2016-8739
10.08.2017, 18:29
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.Enginsight
| Vendor | Product | Version |
|---|---|---|
| apache | cxf | 𝑥 ≤ 3.0.11 |
| apache | cxf | 3.1.0 |
| apache | cxf | 3.1.1 |
| apache | cxf | 3.1.2 |
| apache | cxf | 3.1.3 |
| apache | cxf | 3.1.4 |
| apache | cxf | 3.1.5 |
| apache | cxf | 3.1.6 |
| apache | cxf | 3.1.7 |
| apache | cxf | 3.1.8 |
𝑥
= Vulnerable software versions
References