I don't see why we should believe that they are flaws unless you tell us precisely what code it is complaining of and offer an explanation of the vulnerability. These are general descriptions of *possible* flaws caused by *somewhat risky* coding practices.

On Sat, Dec 1, 2012 at 4:21 PM, Romi Awasthy <[email protected]> wrote:
> We are using Apache CXF Rest for our Restful web services. We ran Veracode's
> static security scan on our code base and have identified some flaws in
> Apache CXF code, in following categories:
>
> http://www.owasp.org/index.php/Unsafe_Reflection
>
> http://webappsec.pbworks.com/Improper-Output-Handling
>
> http://webappsec.pbworks.com/Path-Traversal
>
> http://webappsec.pbworks.com/HTTP-Response-Splitting
>
>
> Has anyone else seen these flaws in Apache CXF code and knows any way to
> resolve them?
