The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2017-08-10T18:00:00Z
Updated: 2024-09-16T22:51:45.164Z
Reserved: 2016-10-18T00:00:00
Link: CVE-2016-8739
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-08-10T18:29:00.190
Modified: 2024-11-21T02:59:57.850
Link: CVE-2016-8739
Redhat