Description
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat JBoss Enterprise Application Platform 6 | jbossws-cxf | Not affected | | |
Red Hat JBoss Enterprise Web Server 1 | fuse-6 | Affected | | |
Red Hat JBoss Enterprise Web Server 1 | fuse-enterprise-esb-7 | Affected | | |
Fuse ESB Enterprise 7.1.0 | | Fixed | RHSA-2013:1028 | 09.07.2013 |
Red Hat JBoss Fuse 6.0 | | Fixed | RHSA-2013:1185 | 29.08.2013 |
Red Hat JBoss Portal Platform 6.1 | cxf | Fixed | RHSA-2013:1437 | 16.10.2013 |
Additional information
Status: Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=929197 apache-cxf: Multiple denial of service flaws in the StAX parser
EPSS: 0.203 (percentile: 95%)
Medium
CVSS2: 5 Medium
Related vulnerabilities
nvd
almost 12 years ago