18 matches found
SUSE CVE-2013-2160
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...
com.github.livesense:org.liveSense.sample.webServiceServlet (>=1.0.3 <=1.0.5), com.github.livesense:org.liveSense.service.cxf (>=1.0.3 <=1.0.5) +224 more potentially affected by CVE-2013-2160 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.7.0 <=2.7.3)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.7.0, =1.0.3, =1.0.3, =1.0.0, =0.4.0, =0.4.1, =1.3.1, =1.2.3, =1.2.3, =2.3, =1.0.0, =1.4, =0.9, =2.9.1-SP.10, =1.1.0.Beta1, =1.1.0.Beta6 and more Source cves: CVE-2013-2160 Source advisory: OSV:GHSA-254Q-RP36-V2M8...
com.apitrary:apitrary-api-client (=0.1), com.apitrary:apitrary-orm-core (=0.1) +95 more potentially affected by CVE-2013-2160 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.6.0 <=2.6.6)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.6.0, =0.0.2, =1.0.0, =1.0.0, =1.0.3, =1.0.M1, =1.0.M1, =1.0.M2, =1.0.0, =1.0.0, =1.0.6 and more Source cves: CVE-2013-2160 Source advisory: OSV:GHSA-254Q-RP36-V2M8...
Mageia: Security Advisory (MGASA-2014-0001)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20130709-0 ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed...
Updated cxf, wss4j, and jacorb packages fix security vulnerability
Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.0.0 patch 2
Red Hat JBoss Fuse 6.0.0 patch 2, which fixes several security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Fedora Update for wss4j FEDORA-2013-14106
Check for the Version of wss4j OpenVAS Vulnerability Test Fedora Update for wss4j FEDORA-2013-14106 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
Fedora Update for wss4j FEDORA-2013-14106
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for cxf FEDORA-2013-14106
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-2160
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...
CVE-2013-2160
CVE-2013-2160 affects Apache CXF’s streaming XML parser. Versions affected: CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4. A crafted XML payload with a very large number of elements/attributes/nested constructs can cause denial of service through CPU and memory exhaustion. T...
Fedora 19 : cxf-2.6.9-1.fc19 / jacorb-2.3.1-8.fc19 / wss4j-1.6.10-1.fc19 (2013-14106)
Upgrade of CXF to 2.6.9, fixes CVE-2013-2160. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
SEC Consult Vulnerability Lab Security Advisory 20130709-0 ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and...
Apache CXF多个远程拒绝服务漏洞(CVE-2013-2160)
BUGTRAQ ID: 61030 CVECAN ID: CVE-2013-2160 Apache CXF是一个开源服务框架,用于使用JAX-WS、JAX-RS等前端编程API编译和开发服务。 Apache CXF 2.5.10, 2.6.7, 2.7.4存在多个远程拒绝服务漏洞,流XML解析器没有限制元素数、属性数、接收文档嵌套结构等,攻击者利用这些漏洞可造成应用崩溃,导致拒绝服务。 0 Apache Group CXF = 2.5.10 Apache Group CXF 2.7.4 Apache Group CXF 2.6.7 厂商补丁: Apache Group...
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
Exploit for multiple platform in category dos / poc ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4...
Apache CXF 2.5.102.6.72.7.4 - Denial of Service
Apache CXF 2.5.102.6.72.7.4 - Denial of Service SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Denial of service vulnerability product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 fixed...