A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.
Find out more about CVE-2014-0109 from the MITRE CVE dictionary dictionary and NIST NVD.
| Base Score | 3.5 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:S/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6.2 | RHSA-2014:0797 | 2014-06-26 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2014:0799 | 2014-06-26 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2014:0798 | 2014-06-26 |
| Platform | Package | State |
|---|---|---|
| Red Hat OpenShift Enterprise 2 | cxf | Will not fix |
| Red Hat OpenShift Enterprise 1 | cxf | Will not fix |
| Red Hat JBoss Portal Platform 6 | cxf | Will not fix |
| Red Hat JBoss Fuse Service Works 6 | cxf | Will not fix |
| Red Hat JBoss BRMS 6 | cxf | Will not fix |
| Red Hat JBoss BRMS 5 | cxf | Will not fix |
| Red Hat JBoss BPMS 6 | cxf | Will not fix |
Vulmon