org.apache.cxf:cxf-api@2.4.0 vulnerabilities

  • latest version

    2.7.18

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    9 years ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.cxf:cxf-api package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Authentication

    org.apache.cxf:cxf-api is an open source services framework.

    Affected versions of this package are vulnerable to Improper Authentication. The URIMappingInterceptor, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

    How to fix Improper Authentication?

    Upgrade org.apache.cxf:cxf-api to version 2.5.8, 2.6.5, 2.7.2 or higher.

    [,2.5.8)[2.6.0,2.6.5)[2.7.0,2.7.2)
    • M
    Arbitrary Web-service Operation Execution

    org.apache.cxf:cxf-api is an open source services framework.

    Affected versions of this package are vulnerable to Arbitrary Web-service Operation Execution. A remote attacker could execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

    How to fix Arbitrary Web-service Operation Execution?

    Upgrade org.apache.cxf:cxf-api to versions 2.4.9, 2.5.5, 2.6.2 or higher.

    [2.6.0,2.6.2)[2.5.0,2.5.5)[,2.4.9)