7.5
CVSSv3

CVE-2021-30468

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00587 | KEV: Not Included
Published: 16/06/2021 Updated: 21/11/2024

Vulnerability Summary

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an malicious user to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions before 3.4.4; Apache CXF versions before 3.3.11.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache cxf

apache tomee 8.0.6

oracle business intelligence 5.5.0.0.0

oracle business intelligence 5.9.0.0.0

oracle business intelligence 12.2.1.3.0

oracle business intelligence 12.2.1.4.0

oracle communications element manager 8.2.2

oracle communications messaging server 8.1

Vendor Advisories

Synopsis Moderate: Red Hat JBoss Web Server 570 release and security update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Web Server 570 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft WindowsRed Hat Product Security has rated this release as having a security impact ...
Multiple vulnerabilities have been found in Hitachi Ops Center Common Services CVE-2019-10172, CVE-2020-27218, CVE-2021-4133, CVE-2021-22060, CVE-2021-22096, CVE-2021-30468, CVE-2021-37136, CVE-2021-37137, CVE-2021-37714, CVE-2021-40690, CVE-2021-42575, CVE-2022-22968 Affected products and versions are listed below Please upgrade your version ...

Mailing Lists

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely This issue affects Apache CXF versions prior to 344; Apache CXF versions prior to 3311 For more information please refer to the ...

References

CWE-400CWE-835https://access.redhat.com/errata/RHSA-2022:7273https://nvd.nist.govhttps://www.first.org/epsshttps://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-115/index.htmlhttp://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.aschttp://www.openwall.com/lists/oss-security/2021/06/16/2https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cusers.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20210917-0002/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttp://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.aschttp://www.openwall.com/lists/oss-security/2021/06/16/2https://lists.apache.org/thread.html/r3f46ae38e4a6e80c069cdb320e0ce831b0a21a12ef0cc92c0943f34a%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4771084730c4cf6e59eda60b4407122c86f174eb750b24f610ba9ff4%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cdev.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r4a4b6bc0520b69c18d2a59daa6af84ae49f0c22164dccb8538794459%40%3Cusers.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/r54c0f1cbbb9f381dfbedb9ea5e90ecb1c0a15371f40c4b10322ac737%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/ra833f78b3fa577cb43558cf343859a1bf70b1c5ce2353b3877d96422%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/rac07822057521dccf33ab5d136e0e8c599a6e2c8ac75e44ffbdc6e07%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re5b2a2b77faa22684d47bd2ac6623135c615565328ff40a1ec705448%40%3Ccommits.tomee.apache.org%3Ehttps://lists.apache.org/thread.html/re9e05c6cab5f0dcc827eba4e6fcf26fa0b493e7ca84d62c867a80d03%40%3Ccommits.tomee.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20210917-0002/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html