Lucene search

Improper Input Validation in Apache CXF

🗓️ 13 May 2022 01:20:09Reported by GitHub Advisory DatabaseType

Improper Input Validation in Apache CXF leads to DoS attack by crafting large message attachment headers

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 51
IBM Security Bulletins	Security Bulletin: Open Source Apache CXF Vulnerablities affect IBM Tivoli Application Dependency Discovery Manager (TADDM) (CVE-2017-12624)	17 Jun 201815:49	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of Service in Apache CXF used by WebSphere Application Server affect IBM Operations Analytics - Log Analysis (CVE-2017-12624)	26 Dec 201807:30	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2017-12624).	28 Jun 202322:03	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with WebSphere Remote Server (CVE-2017-12624)	15 Jun 201807:09	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2017-12624)	27 Apr 202210:23	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache CXF Vulnerabilities affects IBM Spectrum LSF Explorer	18 Jun 201801:42	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache CXF Vulnerabilities	31 Oct 201814:30	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with the optional IBM Business Process Manager component Process Federation Server (CVE-2017-12624)	15 Sep 202219:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Tivoli Netcool Impact is affected by a potential denial of service used by IBM WebSphere Application Server vulnerability (CVE-2017-12624)	17 Jun 201815:51	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2017-12624)	16 Jun 201820:13	–	ibm

Vulners

Node

org.apache.cxf cxf-coreRange<3.0.16

org.apache.cxf cxf-coreRange3.1.0–3.1.13

org.apache.cxf cxf-core

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-12624
access	www.access.redhat.com/errata/RHSA-2018:2423
access	www.access.redhat.com/errata/RHSA-2018:2424
access	www.access.redhat.com/errata/RHSA-2018:2425
access	www.access.redhat.com/errata/RHSA-2018:2428
lists	www.lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:09Current

4.6Medium risk

Vulners AI Score4.6

CVSS24.3

CVSS35.5

EPSS0.02297

CWE-20