PT-2017-12608 · Apache · Apache Cxf

Publicado

2017-11-14

Atualizado

2022-05-13

CVE-2017-12624

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Apache CXF versions prior to 3.1.14 Apache CXF versions prior to 3.2.1

Description The issue allows an attacker to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are affected.

Recommendations For Apache CXF versions prior to 3.1.14, update to version 3.1.14 or later to resolve the issue. For Apache CXF versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider configuring the "attachment-max-header-size" property to reject message attachment headers greater than 300 characters.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2017-12624

GHSA-7VGJ-8MW4-HG8R

RHSA-2018:2423

RHSA-2018:2424

Produtos afetados

Apache Cxf

PT-2017-12608 · Apache · Apache Cxf

CVE-2017-12624

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 28