Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-09-16T22:15:38.445Z
Reserved: 2018-03-09T00:00:00
Link: CVE-2018-8038

No data.

Status : Modified
Published: 2018-07-05T13:29:00.587
Modified: 2024-11-21T04:13:09.370
Link: CVE-2018-8038

No data.