8 matches found
Security Bulletin: IBM Tivoli Application Dependency Discovery Manager is vulnerable to server-side request forgery due to Apache CXF
Summary This security bulletin addresses the vulnerabilitiy in Open Source Apache CXF that affect IBM Tivoli Application Dependency Discovery Manager CVE-2024-32007, CVE-2024-29736. IBM Tivoli Application Dependency Discovery Manager is using Apache CXF for its SOAP API and REST API implementatio...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 3.20.7 for Spring Boot security update.
Red Hat build of Apache Camel 3.20.7 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...
Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities
The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only...
io.quarkiverse.cxf:quarkus-cxf-integration-test-ws-trust (>=2.0.0 <=3.13.0), io.quarkiverse.cxf:quarkus-cxf-services-sts (>=2.0.0 <=3.13.0) +23 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=4.0.0 <=4.0.4)
org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =4.0.0, =2.0.0, =2.0.0, =2.0.0, =4.0.0, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-32007 Source a...
com.amazon.opendistroforelasticsearch:opendistro_security (>=1.4.0.0 <=1.13.1.0), com.amazon.opendistroforelasticsearch:opendistro_security_advanced_modules (>=0.7.0.1 <=1.3.0.0) +215 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=3.0.2 <=3.5.8)
org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =3.0.2, =1.4.0.0, =0.7.0.1, =6.0-21.0, =6.0.1-31.3, =4.2.0.1, =1.7.2.230613, =1.7.2.230622, =7.2.0, =6.3.0, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =2.16.01 and more Source cves: CVE-2024-32007 Source advisory: OSV:GHSA-6PFF-FMH2-4MMF...
CVE-2024-32007
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...
CVE-2024-32007 Apache CXF Denial of Service vulnerability in JOSE
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...
CVE-2024-32007 Apache CXF Denial of Service vulnerability in JOSE
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token...