{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-03T12:20:32.163","vulnerabilities":[{"cve":{"id":"CVE-2016-8739","sourceIdentifier":"security@apache.org","published":"2017-08-10T18:29:00.190","lastModified":"2026-05-13T00:24:29.033","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk."},{"lang":"es","value":"El módulo JAX-RS en Apache CXF anterior a 3.0.12 y en sus versiones 3.1.x anteriores a 3.1.9 proporciona un número de Atom JAX-RS MessageBodyReaders. Estos lectores emplean Apache Abdera Parser que expande las entidades XML por defecto. Esto representa un gran riesgo de XXE."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-611"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.11","matchCriteriaId":"98F580FB-30CB-424C-B401-02DD90BC2265"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.0:*:*:*:*:*:*:*","matchCriteriaId":"BFBBD3B0-C8AE-45BA-83A3-847F03E90319"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.1:*:*:*:*:*:*:*","matchCriteriaId":"52F66A01-83E5-48D8-AD1F-7F331CC889D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.2:*:*:*:*:*:*:*","matchCriteriaId":"2A1BF056-AA31-4968-85C7-9897F5720325"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.3:*:*:*:*:*:*:*","matchCriteriaId":"EF05B313-65F0-4DD3-B6AC-0B4F6E39E677"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.4:*:*:*:*:*:*:*","matchCriteriaId":"F0DA5338-6541-46CF-B8BC-BA41CF9C33CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.5:*:*:*:*:*:*:*","matchCriteriaId":"132F95AB-FF48-4434-A5E7-4EC7C801FAC3"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.6:*:*:*:*:*:*:*","matchCriteriaId":"E74DDFC9-7DFB-4C60-B20D-274260481F1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.7:*:*:*:*:*:*:*","matchCriteriaId":"B0029085-6E5C-4502-967B-8CA47FDE39EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:3.1.8:*:*:*:*:*:*:*","matchCriteriaId":"69F2C5BA-4052-46F7-9AF4-BB87E7A8FFFC"}]}]}],"references":[{"url":"http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc","source":"security@apache.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/97579","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037544","source":"security@apache.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:0868","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","source":"security@apache.org"},{"url":"http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/97579","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1037544","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://access.redhat.com/errata/RHSA-2017:0868","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}