CVE-2017-12624

Published: 14/11/2017 | Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

Vulnerable Product

apache cxf

Vendor Advisories

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 7 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform from the Customer Portal. Red Hat Product Security has rated this update as having a secu ...
Synopsis: Important: Red Hat Single Sign-On 7.2.4 security update. Type/Severity: Security Advisory: Important. Topic: A security update is now available for Red Hat Single Sign-On 7.2 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...