Lucene search

GitHub Advisory DatabaseGHSA-6PFF-FMH2-4MMF

HistoryJul 19, 2024 - 9:32 a.m.

Apache CXF Denial of Service vulnerability in JOSE

2024-07-1909:32:06

CWE-20

GitHub Advisory Database

github.com

apache cxf

jose

denial of service

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

27.0%

JSON

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

Affected configurations

Vulners

Node

-org.apache.cxf\Matchcxf-rt-rs-security-jose

VendorProductVersionCPE
-org.apache.cxf\cxf-rt-rs-security-josecpe:2.3:a:-:org.apache.cxf\:cxf-rt-rs-security-jose:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
-	org.apache.cxf\	cxf-rt-rs-security-jose	cpe:2.3:a:-:org.apache.cxf\:cxf-rt-rs-security-jose::::::::

References

github.com/advisories/GHSA-6pff-fmh2-4mmf

github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c

github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d

github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473

lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633

nvd.nist.gov/vuln/detail/CVE-2024-32007

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

27.0%

JSON

Related for GHSA-6PFF-FMH2-4MMF