Andreas Falkenberg

**Name of the Vulnerable Software and Affected Versions** Apache CXF versions 2.5.x through 2.5.9 Apache CXF versions 2.6.x through 2.6.6 Apache CXF versions 2.7.x through 2.7.3 **Description** The issue allows remote attackers to cause a denial of service, consuming CPU and memory, via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors. **Recommendations** For Apache CXF versions 2.5.x through 2.5.9, update to version 2.5.10 or later. For Apache CXF versions 2.6.x through 2.6.6, update to version 2.6.7 or later. For Apache CXF versions 2.7.x through 2.7.3, update to version 2.7.4 or later.