Posted to dev@cxf.apache.org by Romi Awasthy <ro...@gmail.com> on 2012/12/01 22:20:17 UTC

Veracode static scan

We are using Apache CXF REST for our RESTful web services. We ran Veracode's static security scan on our code base and have identified some flaws in Apache CXF code, in the following categories:

http://www.owasp.org/index.php/Unsafe_Reflection

http://webappsec.pbworks.com/Improper-Output-Handling

http://webappsec.pbworks.com/Path-Traversal

http://webappsec.pbworks.com/HTTP-Response-Splitting


Has anyone else seen these flaws in Apache CXF code and know of any way to resolve them?