Description
Apache CXF Denial of Service vulnerability in JOSE
Improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. In JOSE, p2c is the PBKDF2 iteration count carried in the protected header of a JWE that uses a PBES2 key-wrapping algorithm (RFC 7518, section 4.8); because the header is attacker-controlled, a recipient that derives the key before bounding p2c performs as many PBKDF2 iterations as the sender asks for, even when the token will ultimately fail to decrypt.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-32007
- https://github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c
- https://github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d
- https://github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473
- https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
Packages
org.apache.cxf:cxf-rt-rs-security-jose
  affected: >= 4.0.0, < 4.0.5
  fixed in: 4.0.5
org.apache.cxf:cxf-rt-rs-security-jose
  affected: >= 3.6.0, < 3.6.4
  fixed in: 3.6.4
org.apache.cxf:cxf-rt-rs-security-jose
  affected: < 3.5.9
  fixed in: 3.5.9
Related vulnerabilities
Vulnerability in the JOSE component of the Apache CXF web services framework that allows an attacker to cause a denial of service.