On 2010/06/17 0:29, Daniel Kulp wrote:
> 
> 
> The Apache CXF team recently discovered a security issue that may allow an
> attacker to carry out denial of service attacks and to read arbitrary files on
> the file system of the node where CXF runs. Details of the vulnerability are
> described in the following advisory:
> 
> http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf
> 

I know it is better to upgrade, but just to confirm, are we OK if we are using
only SOAP binding (@BindingType("http://schemas.xmlsoap.org/wsdl/soap/http"))? I
did test it with the example exploits in the advisory, and it doesn't seem to be
vulnerable, but could you confirm?



