Access Restriction Bypass Affecting org.apache.cxf:cxf-rt-rs-security-xml package, versions [,3.0.13) [3.1.0,3.1.10)
21 May 2017
18 Apr 2017
org.apache.cxf:cxf-rt-rs-security-xml is an open source services framework.
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
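The missing check described above, shown as an added example in Python (a simplified model, not Apache CXF code or its API): a client that processes whatever protection is present accepts a plain response, while a client that requires a signature or encryption rejects it. The function names, the `require` parameter and the sample payloads are assumptions made for this illustration.

```python
import io
import xml.etree.ElementTree as ET

# Standard W3C namespaces for XML Signature and XML Encryption.
DS_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"
XENC_DATA = "{http://www.w3.org/2001/04/xmlenc#}EncryptedData"


class UnprotectedResponse(Exception):
    """Raised when a response lacks protection the client was told to require."""


def scan_protection(body: bytes) -> set:
    """Stream through the response and record which protection elements occur.

    Presence only: cryptographic verification of the signature or decryption
    is assumed to be done by the XML security library during processing.
    """
    seen = set()
    for _event, elem in ET.iterparse(io.BytesIO(body), events=("start",)):
        if elem.tag == DS_SIGNATURE:
            seen.add("signature")
        elif elem.tag == XENC_DATA:
            seen.add("encryption")
    return seen


def accept_response(body: bytes, require=()) -> set:
    """Fail closed: reject the response if any required protection is absent.

    With require=() this models the flawed behaviour: protection that happens
    to be present is processed, but none is demanded.
    """
    seen = scan_protection(body)
    missing = set(require) - seen
    if missing:
        raise UnprotectedResponse("response missing: " + ", ".join(sorted(missing)))
    return seen


# Constructed sample responses (hypothetical service payloads).
SIGNED = (b'<Book><id>1</id>'
          b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/></Book>')
UNSIGNED = b"<Book><id>1</id></Book>"  # same payload with no protection at all
```
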