CVE-2017-12624

cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services

Severity Score

5.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

Apache CXF es compatible con el envío y la recepción de archivos adjuntos mediante las especificaciones JAX-WS o JAX-RS. Es posible manipular una cabecera de adjunto de mensaje que podría conducir a un ataque de denegación de servicio (DoS) en un proveedor de servicios web de CXF. Tanto los servicios JAX-WS como JAX-RS son vulnerables a este ataque. Desde las versiones 3.2.1 y 3.1.14 de Apache CXF, la cabeceras de adjunto de mensaje de más de 300 caracteres se rechazarán por defecto. Este valor puede configurarse mediante la propiedad "attachment-max-header-size".

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-08-07 CVE Reserved
2017-11-14 CVE Published
2018-11-19 First Exploit
2024-08-12 EPSS Updated
2024-09-17 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (16)

URL	Tag	Source
http://www.securityfocus.com/bid/101859	Third Party Advisory
http://www.securitytracker.com/id/1040486	Third Party Advisory
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	Mailing List

URL	Date	SRC
https://github.com/tafamace/CVE-2017-12624	2018-11-19

URL	Date	SRC

URL	Date	SRC
http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc	2023-11-07
https://access.redhat.com/errata/RHSA-2018:2423	2023-11-07
https://access.redhat.com/errata/RHSA-2018:2424	2023-11-07
https://access.redhat.com/errata/RHSA-2018:2425	2023-11-07
https://access.redhat.com/errata/RHSA-2018:2428	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-12624	2018-08-15
https://bugzilla.redhat.com/show_bug.cgi?id=1515976	2018-08-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Cxf Search vendor "Apache" for product "Cxf"				>= 3.0.0 < 3.0.16 Search vendor "Apache" for product "Cxf" and version " >= 3.0.0 < 3.0.16"		-		Affected
Apache Search vendor "Apache"		Cxf Search vendor "Apache" for product "Cxf"				>= 3.1.0 < 3.1.14 Search vendor "Apache" for product "Cxf" and version " >= 3.1.0 < 3.1.14"		-		Affected
Apache Search vendor "Apache"		Cxf Search vendor "Apache" for product "Cxf"				>= 3.2.0 < 3.2.1 Search vendor "Apache" for product "Cxf" and version " >= 3.2.0 < 3.2.1"		-		Affected