cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <>
Subject New SSL/TLS vulnerabilities in Apache CXF
Date Mon, 22 Dec 2014 12:00:28 GMT
Two new security vulnerabilities are announced in Apache CXF that are fixed
in the latest 3.0.3 and 2.7.14 releases:

a) Note on CVE-2014-3566 - SSL 3.0 support in Apache CXF, aka the "POODLE"

b) CVE-2014-3577: Apache CXF SSL hostname verification bypass

Both advisories are available here:


Colm O hEigeartaigh

Talend Community Coder

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message