Vulnerabilities > Apache > CXF > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-10 | CVE-2016-8739 | XXE vulnerability in Apache CXF The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. | 7.5 |
| 2017-04-18 | CVE-2017-5656 | Session Fixation vulnerability in Apache CXF Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | 7.5 |