GoogleOSV:GHSA-6PFF-FMH2-4MMFApache CXF Denial of Service vulnerability in JOSE
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
27.0%
An improper input validation of theΒ p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9Β allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
References
github.com/apache/cxf
github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c
github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d
github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473
lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
nvd.nist.gov/vuln/detail/CVE-2024-32007
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
27.0%