Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-254Q-RP36-V2M8
HistoryMay 13, 2022 - 1:09 a.m.

Missing XML Validation in Apache CXF

2022-05-1301:09:20
Google
osv.dev
9

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.3%

JSON

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

References

Related

fedora 6
openvas 13
cve 1
nessus 3
seebug 2
threatpost 1
securityvulns 1
prion 1
mageia 1
exploitpack 1
packetstorm 1
github 1
exploitdb 1
redhat 2
f5 2
ibm 1
fedora
fedora
[SECURITY] Fedora 19 Update: cxf-2.6.9-1.fc19
2013-08-10 20:05:12
[SECURITY] Fedora 18 Update: cxf-2.6.9-1.fc18
2013-08-10 20:01:35
[SECURITY] Fedora 18 Update: jacorb-2.3.1-8.fc18
2013-08-10 20:01:35
openvas
openvas
Fedora Update for cxf FEDORA-2013-14106
2013-08-20 00:00:00
Fedora Update for wss4j FEDORA-2013-14159
2013-08-12 00:00:00
Fedora Update for jacorb FEDORA-2013-14159
2013-08-12 00:00:00
cve
cve
CVE-2013-2160
2013-08-19 23:55:00
nessus
nessus
Fedora 18 : cxf-2.6.9-1.fc18 / jacorb-2.3.1-8.fc18 / wss4j-1.6.10-1.fc18 (2013-14159)
2013-08-12 00:00:00
Fedora 19 : cxf-2.6.9-1.fc19 / jacorb-2.3.1-8.fc19 / wss4j-1.6.10-1.fc19 (2013-14106)
2013-08-12 00:00:00
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
2014-01-31 00:00:00
seebug
seebug
Apache CXF倚δΈͺθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2013-2160)
2013-07-11 00:00:00
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
2014-07-01 00:00:00
threatpost
threatpost
Apache CXF Denial of Service Vulnerabilities Patched
2013-07-09 13:55:48
securityvulns
securityvulns
SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
2013-07-15 00:00:00
prion
prion
Code injection
2013-08-19 23:55:00
mageia
mageia
Updated cxf, wss4j, and jacorb packages fix security vulnerability
2014-01-06 04:49:54
exploitpack
exploitpack
Apache CXF 2.5.102.6.72.7.4 - Denial of Service
2013-07-09 00:00:00
packetstorm
packetstorm
Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service
2013-07-09 00:00:00
github
github
Missing XML Validation in Apache CXF
2022-05-13 01:09:20
exploitdb
exploitdb
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
2013-07-09 00:00:00
redhat
redhat
(RHSA-2013:1185) Important: Red Hat JBoss Fuse 6.0.0 patch 2
2013-08-29 00:00:00
(RHSA-2013:1028) Important: Fuse ESB Enterprise 7.1.0 update
2013-07-09 00:00:00
f5
f5
SOL15580 - Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
K15580 : Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability
2019-07-19 16:20:01

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.045 Low

EPSS

Percentile

92.3%

JSON
Related for OSV:GHSA-254Q-RP36-V2M8
fedora6openvas13cve1nessus3seebug2threatpost1securityvulns1prion1mageia1exploitpack1packetstorm1github1exploitdb1redhat2f52ibm1