CVE-2016-8739 is a vulnerability in Apache CXF
Published on August 10, 2017

The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk.

Vendor Advisory NVD

Products Associated with CVE-2016-8739

Want to know whenever a new CVE is published for Apache CXF? stack.watch will email you.

Apache CXF

Affected Versions

Apache Software Foundation Apache CXF:

Version prior to 3.0.12 is affected.
Version 3.1.x prior to 3.1.9 is affected.

Exploit Probability

EPSS

2.67%

Percentile

85.58%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2016-8739 is a vulnerability in Apache CXFPublished on August 10, 2017

Products Associated with CVE-2016-8739

Affected Versions

Exploit Probability

CVE-2016-8739 is a vulnerability in Apache CXF
Published on August 10, 2017