Apache CXF is vulnerable to a denial of service, caused by an infinite loop flaw in the JsonMapObjectReaderWriter function. By sending specially crafted JSON to a web service, a remote attacker could exploit this vulnerability to consume available CPU resources, resulting in a denial of service condition.
Apache Chainsaw could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading log events. By sending specially crafted requests, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Upgrade to the latest version of the affected Apache product, available from the Apache Web site.