The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2016-12-19T00:00:00
Updated: 2021-06-16T11:07:00
Reserved: 2016-10-18T00:00:00
Link: CVE-2016-8739
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-10T18:29:00.190
Modified: 2023-11-07T02:36:28.957
Link: CVE-2016-8739
JSON object: View
Redhat Information
No data.
CWE