CVE-2024-32007

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 
References
Link Resource
https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 Mailing List Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*

History

01 Aug 2024, 13:51

Type Values Removed Values Added
Summary
  • (es) Una validación de entrada incorrecta del parámetro p2c en el código Apache CXF JOSE anterior a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar un ataque de denegación de servicio especificando un valor grande para este parámetro en un token.

19 Jul 2024, 20:22

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 - () https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633 - Mailing List, Vendor Advisory
First Time Apache cxf
Apache
CPE cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

19 Jul 2024, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-19 09:15

Updated : 2024-08-01 13:51


NVD link : CVE-2024-32007

Mitre link : CVE-2024-32007

CVE.ORG link : CVE-2024-32007


JSON object : View

Products Affected

apache

  • cxf
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation

CWE-400

Uncontrolled Resource Consumption