oss-sec mailing list archives

CVE-2024-32007: Apache CXF Denial of Service vulnerability in JOSE


From: Colm O hEigeartaigh <coheigea () apache org>
Date: Thu, 18 Jul 2024 16:49:25 +0100

Severity: moderate

Affected versions:

- Apache CXF before 4.0.5, 3.6.4, 3.5.9

Description:

Improper input validation of the p2c parameter in the Apache CXF
JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform
a denial of service attack by specifying a large value for this
parameter in a token.
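
The p2c header is the PBES2 iteration count of a JWE (RFC 7518 section 4.8.1.2), so a recipient that derives the key-wrapping key before bounding that value does attacker-controlled amounts of PBKDF2 work. The following is an added example of the defensive check a JOSE consumer wants in front of key derivation; it is not Apache CXF's code and does not describe CXF's fix. The MIN_P2C floor is the RFC 7518 minimum; MAX_P2C and the helper names (parse_protected_header, check_p2c, accept_token, make_test_token) are assumptions constructed for this example, and the tokens it builds are constructed with placeholder segments because only the protected header matters here.

```python
import base64
import json

# RFC 7518 fixes the minimum iteration count at 1000. The maximum is a
# deployment decision; the value here is an assumed bound for this example,
# not a CXF setting.
MIN_P2C = 1000
MAX_P2C = 1_000_000

PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment, as JOSE serializations use."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def parse_protected_header(compact_jwe: str) -> dict:
    """Return the protected header of a JWE in compact serialization
    (five dot-separated segments). Raises ValueError on malformed input."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("JWE compact serialization must have 5 segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError(f"protected header is not valid JSON: {exc}") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    return header


def check_p2c(header: dict, max_p2c: int = MAX_P2C) -> int:
    """Validate the PBES2 iteration count before any key derivation runs.
    Returns the accepted p2c; raises ValueError for anything that would make
    the recipient do unbounded work or that is not an integer at all."""
    if header.get("alg") not in PBES2_ALGS:
        raise ValueError("not a PBES2 key-wrapping header")
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if not isinstance(p2c, int) or isinstance(p2c, bool):
        raise ValueError("p2c must be an integer")
    if p2c < MIN_P2C:
        raise ValueError(f"p2c {p2c} is below the RFC 7518 minimum of {MIN_P2C}")
    if p2c > max_p2c:
        raise ValueError(f"p2c {p2c} exceeds the configured maximum of {max_p2c}")
    return p2c


def accept_token(compact_jwe: str, max_p2c: int = MAX_P2C) -> bool:
    """True only if the token's protected header passes the p2c check.
    A server should return False here before ever calling PBKDF2."""
    try:
        check_p2c(parse_protected_header(compact_jwe), max_p2c)
        return True
    except ValueError:
        return False


def make_test_token(p2c) -> str:
    """Build a constructed JWE compact string carrying the given p2c. The
    encrypted key, IV, ciphertext and tag segments are placeholders; they are
    never decoded by the check above."""
    header = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM",
              "p2s": "c2FsdHNhbHRzYWx0", "p2c": p2c}
    encoded = base64.urlsafe_b64encode(json.dumps(header).encode())
    return ".".join([encoded.rstrip(b"=").decode(), "AAAA", "AAAA", "AAAA", "AAAA"])


if __name__ == "__main__":
    for value in (4096, 600_000, 2_000_000_000, 1, "4096"):
        print(f"p2c={value!r:>12} -> accepted={accept_token(make_test_token(value))}")
```

The check runs on the parsed header alone, so it costs the same for every token regardless of what p2c claims; only tokens inside the configured range ever reach the key derivation step.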

Credit:

Jingcheng Yang and Jianjun Chen from Sichuan University and
Zhongguancun Lab. (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-32007
