CVE-2016-8739
CVSS v3.0
7.5 (High)
CVSS v2.0
7.8 (High)
EPSS
0.55 % (78th)
Affected Products
1
Advisories
2
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.
Weaknesses
- CWE-611
- Improper Restriction of XML External Entity Reference
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2017-08-10 18:29:00
(7 years ago) - Updated Date
-
2023-11-07 02:36:28
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...