cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject [Important] Apache CXF security advisory CVE-2010-2076
Date Wed, 16 Jun 2010 15:29:13 GMT


The Apache CXF team recently discovered a security issue that may allow an 
attacker to carry out denial of service attacks and to read arbitrary files on 
the file system of the node where CXF runs. Details of the vulnerability are 
described in the following advisory:

http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf

This vulnerability may potentially be exploited on any CXF installation that 
receives XML messages from untrusted sources. We strongly recommend to all 
users who manage this type of installation to follow the instructions in the 
above advisory in order to mitigate the security risk caused by this 
vulnerability.


-- The Apache CXF team

Mime
View raw message