We are using Apache CXF Rest for our RESTful web services. We ran Veracode's static security scan on our code base and have identified some flaws in Apache CXF code, in the following categories:
http://www.owasp.org/index.php/Unsafe_Reflection
http://webappsec.pbworks.com/Improper-Output-Handling
http://webappsec.pbworks.com/Path-Traversal
http://webappsec.pbworks.com/HTTP-Response-Splitting

Has anyone else seen these flaws in Apache CXF code and knows any way to resolve them?
