Описание
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.10 (включая)
Одно из
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:3.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05595
Низкий
5 Medium
CVSS2
Дефекты
CWE-399
Связанные уязвимости
redhat
больше 11 лет назад
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
EPSS
Процентиль: 90%
0.05595
Низкий
5 Medium
CVSS2
Дефекты
CWE-399