Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:DOS:APACHE-CXF |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache CXF Denial Of Service |
Release Date |
2017/05/09 |
Update Number |
2887 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache CXF Denial Of Service
This signature detects attempts to cause a denial-of-service on Apache. A successful attack could result in complete resource consumption and ultimately causing the web server to stop responding.
Extended Description
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
Affected Products
- Apache cxf 2.5.0
- Apache cxf 2.5.1
- Apache cxf 2.5.2
- Apache cxf 2.5.3
- Apache cxf 2.5.4
- Apache cxf 2.5.5
- Apache cxf 2.5.6
- Apache cxf 2.5.7
- Apache cxf 2.5.8
- Apache cxf 2.5.9
- Apache cxf 2.6.0
- Apache cxf 2.6.1
- Apache cxf 2.6.2
- Apache cxf 2.6.3
- Apache cxf 2.6.4
- Apache cxf 2.6.5
- Apache cxf 2.6.6
- Apache cxf 2.7.0
- Apache cxf 2.7.1
- Apache cxf 2.7.2
- Apache cxf 2.7.3
References
- CVE: CVE-2013-2160