Apache CXF is vulnerable to hostname verification bypass. The vulnerability exists when CXF is used with the com.sun.net.ssl
stack, leading to an error in TLS hostname verification which make CXF clients susceptible to man-in-the-middle attack.
cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2
www.securityfocus.com/bid/106357
www.securitytracker.com/id/1041199
access.redhat.com/errata/RHSA-2018:2276
access.redhat.com/errata/RHSA-2018:2277
access.redhat.com/errata/RHSA-2018:2279
access.redhat.com/errata/RHSA-2018:2423
access.redhat.com/errata/RHSA-2018:2424
access.redhat.com/errata/RHSA-2018:2425
access.redhat.com/errata/RHSA-2018:2428
access.redhat.com/errata/RHSA-2018:2643
access.redhat.com/errata/RHSA-2018:3768
access.redhat.com/errata/RHSA-2018:3817
github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b
lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E
lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
www.oracle.com/security-alerts/cpuapr2020.html
www.oracle.com/security-alerts/cpujan2020.html
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html