Description
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | cxf | Will not fix | ||
| Red Hat BPM Suite 6 | cxf | Affected | ||
| Red Hat JBoss BRMS 5 | cxf | Will not fix | ||
| Red Hat JBoss BRMS 6 | cxf | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | amq-6.1 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | amq-7.1 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.1 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-7.1 | Will not fix | ||
| Red Hat JBoss Fuse Service Works 6 | cxf | Affected | ||
| Red Hat JBoss Portal 6 | cxf | Affected | ||
Additional information
Status:
EPSS
CVSS2: 3.5 Low
Related vulnerabilities
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
EPSS
CVSS2: 3.5 Low