CVE-2014-0109CVE-2014-0109

Affected configuration(s):

cpe:/a:apache:cxf:2.4.0
cpe:/a:apache:cxf:2.4.1
cpe:/a:apache:cxf:2.4.2
cpe:/a:apache:cxf:2.4.3
cpe:/a:apache:cxf:2.4.4
cpe:/a:apache:cxf:2.4.5
cpe:/a:apache:cxf:2.4.6
cpe:/a:apache:cxf:2.4.7
cpe:/a:apache:cxf:2.5.0
cpe:/a:apache:cxf:2.5.1
cpe:/a:apache:cxf:2.5.2
cpe:/a:apache:cxf:2.5.3
cpe:/a:apache:cxf:2.5.4
cpe:/a:apache:cxf:2.5.5
cpe:/a:apache:cxf:2.5.6
cpe:/a:apache:cxf:2.5.7
cpe:/a:apache:cxf:2.5.8
cpe:/a:apache:cxf:2.5.9
cpe:/a:apache:cxf:2.6.0
cpe:/a:apache:cxf:2.6.1
cpe:/a:apache:cxf:2.6.2
cpe:/a:apache:cxf:2.6.3
cpe:/a:apache:cxf:2.6.4
cpe:/a:apache:cxf:2.6.5
cpe:/a:apache:cxf:2.6.6
cpe:/a:apache:cxf:2.6.7
cpe:/a:apache:cxf:2.6.8
cpe:/a:apache:cxf:2.6.9
cpe:/a:apache:cxf:2.6.10
cpe:/a:apache:cxf:2.6.11
cpe:/a:apache:cxf:2.6.12
cpe:/a:apache:cxf:2.6.13
cpe:/a:apache:cxf:2.7.0
cpe:/a:apache:cxf:2.7.1
cpe:/a:apache:cxf:2.7.2
cpe:/a:apache:cxf:2.7.3
cpe:/a:apache:cxf:2.7.4
cpe:/a:apache:cxf:2.7.5
cpe:/a:apache:cxf:2.7.6
cpe:/a:apache:cxf:2.7.7
cpe:/a:apache:cxf:2.7.8
cpe:/a:apache:cxf:2.7.9
cpe:/a:apache:cxf:2.7.10

Date published: 2014-05-08T10:29:13.080-04:00

Date last modified: 2015-04-22T21:59:15.817-04:00

CVSS Score: 4.3

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://rhn.redhat.com/errata/RHSA-2014-1351.html

Summary: Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.