Denial Of Service

Apache Neethi is vulnerable to Denial of Service DoS. The vulnerability is due to algorithmic complexity in the policy normalization process, where specially crafted WS-Policy documents trigger exponential Cartesian cross-product expansion, leading to excessive memory allocation and JVM heap...

GHSA-G36M-9G3M-2VMP Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

CVE-2026-42402

Apache Neethi is vulnerable to a Denial of Service attack through algorithmic complexity in policy normalization. Specially crafted WS-Policy documents can trigger an exponential Cartesian cross-product expansion during the normalization process, causing unbounded memory allocation that exhausts...

EUVD-2026-26486

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

Apache Neethi 资源管理错误漏洞

Apache Neethi is a policy processing framework library developed by the Apache Foundation. There is a resource management vulnerability in Apache Neethi, which stems from the algorithmic complexity involved in policy normalization. This vulnerability may cause specially crafted WS-Policy document...