Description
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.
It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Enterprise 1 | cxf | Will not fix | | |
| Red Hat BPM Suite 6 | cxf | Affected | | |
| Red Hat JBoss BRMS 5 | cxf | Will not fix | | |
| Red Hat JBoss BRMS 6 | cxf | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | amq-6.1 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | amq-7.1 | Will not fix | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.1 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-7.1 | Will not fix | | |
| Red Hat JBoss Fuse Service Works 6 | cxf | Affected | | |
| Red Hat JBoss Portal 6 | cxf | Affected | | |
Additional information
Status: Moderate
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1093527 CXF: Large invalid content could cause temporary space to fill
EPSS
Percentile: 91%
0.06069
Low
3.5 Low
CVSS2
Related vulnerabilities
nvd
more than 11 years ago
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.