org.apache.cxf:cxf-api@2.6.1 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.cxf:cxf-api package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). None

How to fix Denial of Service (DoS)?

Upgrade org.apache.cxf:cxf-api to version 2.5.10, 2.6.7, 2.7.4 or higher.

[2.5.0,2.5.10) [2.6.0,2.6.7) [2.7.0,2.7.4)
  • M
Denial of Service (DoS)

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Denial of Service (DoS). Allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

How to fix Denial of Service (DoS)?

Upgrade org.apache.cxf:cxf-api to version 2.6.14, 2.7.11, 3.0.0-milestone2 or higher.

[2.6.0,2.6.14) [2.7.0,2.7.11) [3.0.0-milestone1,3.0.0-milestone2)
  • M
Improper Authentication

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Improper Authentication. The URIMappingInterceptor, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

How to fix Improper Authentication?

Upgrade org.apache.cxf:cxf-api to version 2.5.8, 2.6.5, 2.7.2 or higher.

[,2.5.8) [2.6.0,2.6.5) [2.7.0,2.7.2)
  • M
Arbitrary Web-service Operation Execution

org.apache.cxf:cxf-api is an open source services framework.

Affected versions of this package are vulnerable to Arbitrary Web-service Operation Execution. A remote attacker could execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

How to fix Arbitrary Web-service Operation Execution?

Upgrade org.apache.cxf:cxf-api to versions 2.4.9, 2.5.5, 2.6.2 or higher.

[2.6.0,2.6.2) [2.5.0,2.5.5) [,2.4.9)