vulnrichment | Apache | VULNRICHMENT:CVE-2024-41172
History: Jul 19, 2024 - 8:50 a.m.

CVE-2024-41172 Apache CXF: Unrestricted memory consumption in CXF HTTP clients

2024-07-19 08:50:43
CWE-401

AI Score: 6.4
Confidence: High

EPSS: 0.001
Percentile: 38.6%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected, and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache",
    "product": "cxf",
    "versions": [
      {
        "status": "affected",
        "version": "3.6.0",
        "lessThan": "3.6.4",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]
