You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/12/22 13:00:28 UTC
New SSL/TLS vulnerabilities in Apache CXF
Two new security vulnerabilities are announced in Apache CXF that are fixed
in the latest 3.0.3 and 2.7.14 releases:
a) Note on CVE-2014-3566 - SSL 3.0 support in Apache CXF, aka the "POODLE"
attack
b) CVE-2014-3577: Apache CXF SSL hostname verification bypass
Both advisories are available here:
http://cxf.apache.org/security-advisories.html
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com