PT-2014-5406 · Apache · Apache Cxf

Published: 2014-10-30 · Updated: 2022-05-13 · CVE-2014-3584

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.6.10 and earlier, 2.7.x before 2.7.8, 3.0.x before 3.0.1

Description: The issue allows remote attackers to cause a denial of service (infinite loop) by sending a crafted SAML token in the Authorization header of a request to a JAX-RS service.

Recommendations: For Apache CXF versions 2.6.10 and earlier, update to version 2.6.11 or later. For Apache CXF versions 2.7.x before 2.7.8, update to version 2.7.8 or later. For Apache CXF versions 3.0.x before 3.0.1, update to version 3.0.1 or later.
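The affected ranges and upgrade targets above, turned into an inventory check (added example, not part of the advisory or of the CXF project; the service names in the sample inventory are constructed):

```python
"""Check Apache CXF version strings against the affected ranges of CVE-2014-3584."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges as stated in the advisory:
#   2.6.10 and earlier  -> first fixed release 2.6.11
#   2.7.x before 2.7.8  -> first fixed release 2.7.8
#   3.0.x before 3.0.1  -> first fixed release 3.0.1
# Each entry is (lowest version in the line, first fixed version). The 2.6 line
# has no lower bound because "and earlier" covers every older release.
FIXED_IN: List[Tuple[Version, Version]] = [
    ((0, 0, 0), (2, 6, 11)),
    ((2, 7, 0), (2, 7, 8)),
    ((3, 0, 0), (3, 0, 1)),
]


def parse_version(text: str) -> Version:
    """Turn '2.7.8' into (2, 7, 8); missing components are 0, qualifiers are ignored."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"not a CXF version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version: str) -> bool:
    """True when the given CXF release falls inside one of the affected ranges."""
    v = parse_version(version)
    return any(low <= v < fixed for low, fixed in FIXED_IN)


def minimum_fixed_version(version: str) -> Optional[str]:
    """Upgrade target from the advisory for an affected release, None if not affected."""
    v = parse_version(version)
    for low, fixed in FIXED_IN:
        if low <= v < fixed:
            return ".".join(map(str, fixed))
    return None


def audit(inventory: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each service to its recommended CXF upgrade (None when not affected)."""
    return {name: minimum_fixed_version(ver) for name, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory of service name -> deployed CXF version.
    sample = {"billing-api": "2.7.5", "auth-gw": "3.0.1", "legacy-soap": "2.5.9"}
    for name, fix in audit(sample).items():
        print(name, "-> upgrade to", fix if fix else "not affected")
```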

Fix

Infinite Loop


Weakness Enumeration

Related Identifiers

CVE-2014-3584
GHSA-GW5J-77F9-V2G2
MGASA-2014-0557

Affected Products

Apache Cxf