CVE Vulnerabilities

CVE-2013-2160

Published: Aug 19, 2013 | Modified: Apr 11, 2025
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 5 MEDIUM (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Affected Software

Name                               Vendor  Start Version      End Version
Cxf                                Apache  2.5.0 (including)  2.5.0 (including)
Cxf                                Apache  2.5.1 (including)  2.5.1 (including)
Cxf                                Apache  2.5.2 (including)  2.5.2 (including)
Cxf                                Apache  2.5.3 (including)  2.5.3 (including)
Cxf                                Apache  2.5.4 (including)  2.5.4 (including)
Cxf                                Apache  2.5.5 (including)  2.5.5 (including)
Cxf                                Apache  2.5.6 (including)  2.5.6 (including)
Cxf                                Apache  2.5.7 (including)  2.5.7 (including)
Cxf                                Apache  2.5.8 (including)  2.5.8 (including)
Cxf                                Apache  2.5.9 (including)  2.5.9 (including)
Cxf                                Apache  2.6.0 (including)  2.6.0 (including)
Cxf                                Apache  2.6.1 (including)  2.6.1 (including)
Cxf                                Apache  2.6.2 (including)  2.6.2 (including)
Cxf                                Apache  2.6.3 (including)  2.6.3 (including)
Cxf                                Apache  2.6.4 (including)  2.6.4 (including)
Cxf                                Apache  2.6.5 (including)  2.6.5 (including)
Cxf                                Apache  2.6.6 (including)  2.6.6 (including)
Cxf                                Apache  2.7.0 (including)  2.7.0 (including)
Cxf                                Apache  2.7.1 (including)  2.7.1 (including)
Cxf                                Apache  2.7.2 (including)  2.7.2 (including)
Cxf                                Apache  2.7.3 (including)  2.7.3 (including)
Fuse ESB Enterprise 7.1.0          RedHat  *
Red Hat JBoss Fuse 6.0             RedHat  *
Red Hat JBoss Portal Platform 6.1  RedHat  cxf *

References