CVE Vulnerabilities

CVE-2013-2160

Published: Aug 19, 2013 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Affected Software

Name Vendor Start Version End Version
Cxf Apache 2.5.2 2.5.2
Cxf Apache 2.5.9 2.5.9
Cxf Apache 2.6.0 2.6.0
Cxf Apache 2.5.3 2.5.3
Cxf Apache 2.7.3 2.7.3
Cxf Apache 2.5.7 2.5.7
Cxf Apache 2.6.2 2.6.2
Cxf Apache 2.5.0 2.5.0
Cxf Apache 2.5.1 2.5.1
Cxf Apache 2.5.5 2.5.5
Cxf Apache 2.5.8 2.5.8
Cxf Apache 2.6.5 2.6.5
Cxf Apache 2.7.0 2.7.0
Cxf Apache 2.6.6 2.6.6
Cxf Apache 2.6.3 2.6.3
Cxf Apache 2.5.6 2.5.6
Cxf Apache 2.6.4 2.6.4
Cxf Apache 2.6.1 2.6.1
Cxf Apache 2.7.1 2.7.1
Cxf Apache 2.5.4 2.5.4
Cxf Apache 2.7.2 2.7.2

References