CVE-2014-0110 – CXF: Large invalid content could cause temporary space to fill
https://notcve.org/view.php?id=CVE-2014-0110
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. Apache CXF anterior a 2.6.14 y 2.7.x anterior a 2.7.11 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) a través de un mensaje SOAP grande inválido. It was found that when a large invalid SOAP message was processed by Apache CXF, it could be saved to a temporary file in the /tmp directory. A remote attacker could send a specially crafted SOAP message that, when processed by an application using Apache CXF, would use an excessive amount of disk space, possibly causing a denial of service. • http://cxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378628&api=v2 http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1030202 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40 • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2013-2160 – Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2013-2160
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. El analizador de secuencias XML en Apache CXF versiones 2.5.x anteriores a 2.5.10, versiones 2.6.x anteriores a 2.6.7 y versiones 2.7.x anteriores a 2.7.4, permite a los atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) por medio de XML diseñado con un gran número de (1) elementos, (2) atributos, (3) construcciones anidadas y posiblemente otros vectores. Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/26710 http://jira.codehaus.org/browse/WSTX-285 http://jira.codehaus.org/browse/WSTX-287 http://rhn.redhat.com/errata/RHSA-2013-1028.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://bugzilla.redhat.com/show_bug.cgi?id=929197 https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.o • CWE-399: Resource Management Errors •
CVE-2012-5575 – apache-cxf: XML encryption backwards compatibility attacks
https://notcve.org/view.php?id=CVE-2012-5575
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." Apache CXF en versiones 2.5.x anteriores a la 2.5.10, 2.6.x anteriores a CXF 2.6.7 y 2.7.x anteriores a CXF 2.7.4 no verifica que un algoritmo criptográfico específico esté permitido por la definición de WS-SecurityPolicy AlgorithmSuite antes del descifrado, lo que permite a los atacantes remotos forzar a CXF a usar algoritmos criptográficos más débiles que los previstos y facilita el descifrado de las comunicaciones. Esto también se conoce como "XML Encryption backwards compatibility attack". • https://github.com/tafamace/CVE-2012-5575 http://cxf.apache.org/cve-2012-5575.html http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-0873.html http://rhn.redhat.com/errata/RHSA-2013-0874.html http://rhn.redhat.com/errata/RHSA-2013-0875.html http://rhn.redhat.com/errata/RHSA-2013-0876.html http://rhn.redhat.com/errata • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2013-0239 – apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
https://notcve.org/view.php?id=CVE-2013-0239
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. Apache CXF anterior a v2.5.9, v2.6.x anterior a v2.6.6, y v2.7.x anterior a v2.7.3, cuando está activado sernameToken WS-SecurityPolicy en texto plano, permite a atacantes remotos evitar la autenticación a través de una cabecera de seguridad de una petición SOAP que contiene un elemento UsernameToken que carece de contraseña en el elemento hijo. • http://cxf.apache.org/cve-2013-0239.html http://osvdb.org/90078 http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html http://rhn.redhat.com/errata/RHSA-2013-0749.html http://seclists.org/fulldisclosure/2013/Feb/39 http://secunia.com/advisories/51988 http://svn.apache.org/viewvc?view=revision&revision=1438424 http://www.securityfocus.com/bid/57876 https://exchange.xforce.ibmcloud.com/vulnerabilities/81981 https://lists.apache.org/thread.html/r36e • CWE-287: Improper Authentication •
CVE-2012-5633 – apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor
https://notcve.org/view.php?id=CVE-2012-5633
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. El URIMappingInterceptor en Apache CXF anterior a v2.5.8, v2.6.x anterior a v2.6.5, y v2.7.x anterior a v2.7.2, cuando utiliza el WSS4JInInterceptor, evita el procesamiento de WS-Security, lo que permite a atacantes remotos obtener acceso a los servicios SOAP mediante una petición HTTP GET. • http://cxf.apache.org/cve-2012-5633.html http://osvdb.org/90079 http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html http://rhn.redhat.com/errata/RHSA-2013-0256.html http://rhn.redhat.com/errata/RHSA-2013-0257.html http://rhn.redhat.com/errata/RHSA-2013-0258.html http://rhn.redhat.com/errata/RHSA-2013-0259.html http://rhn.redhat.com/errata/RHSA-2013-0726.html http://rhn.redhat.com/errata/RHSA-2013-0743.html http://r • CWE-287: Improper Authentication •