Organisations using Apache CXF have been urged to patch a newly disclosed LDAP injection flaw that could allow attackers to retrieve arbitrary certificates from vulnerable XKMS repositories, ...