CVE-2016-8739 Description The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8739 http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc?version=1&modificationDate=1482164360575&api=v2 Project Category XXE risk Tags data Date Disclosed 2016-12-19 Date Discovered 2016-10-18 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.