org.apache.cxf:cxf-api@2.0.13 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.cxf:cxf-api package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Improper Authentication

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Improper Authentication. The URIMappingInterceptor, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

How to fix Improper Authentication?

Upgrade org.apache.cxf:cxf-api to version 2.5.8, 2.6.5, 2.7.2 or higher.

[,2.5.8) [2.6.0,2.6.5) [2.7.0,2.7.2)
  • M
Arbitrary Web-service Operation Execution

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Arbitrary Web-service Operation Execution. A remote attacker could execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

How to fix Arbitrary Web-service Operation Execution?

Upgrade org.apache.cxf:cxf-api to versions 2.4.9, 2.5.5, 2.6.2 or higher.

[2.6.0,2.6.2) [2.5.0,2.5.5) [,2.4.9)