exploitDog

CVE-2025-23184

Published: 21 Jan 2025
Source: redhat
CVSS3: 3.7
EPSS: Low

Description

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat build of Apache Camel 4 for Quarkus 3 | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat build of Apache Camel for Spring Boot 4 | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat Build of Keycloak | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat build of Quarkus | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat Fuse 7 | org.apache.cxf/cxf-core | Out of support scope | | |
| Red Hat Integration Camel K 1 | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat JBoss Data Grid 7 | org.apache.cxf/cxf-core | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform 8 | org.jboss.eap-jboss-eap-xp | Fix deferred | | |
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.apache.cxf/cxf-core | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2339095 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

EPSS: 0.00318 (Low)
Percentile: 54%

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 5.9
nvd
8 months ago

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

CVSS3: 7.5
github
8 months ago

Apache CXF: Denial of Service vulnerability with temporary files

CVSS3: 5.9
fstec
8 months ago

A vulnerability in the CachedOutputStream function of the Apache CXF web services framework that allows an attacker to cause a denial of service
