SUSE CVE-2013-2160

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service CPU and memory consumption via crafted XML with a large number of 1 elements, 2 attributes, 3 nested constructs, and possibly other vectors...

Apache CXF Denial of Service Vulnerabilities Patched

The Apache Software Foundation has patched a denial of service vulnerability in the XML parser of the Apache CXF Web services framework. Researchers, Andreas Falkenberg from Sec Consult Vulnerability Labs, and Christian Mainka, Juraj Somorovsky, and Joerg Schwenk from Ruhr-University Bochum,...