CVE Reference: CVE-2013-2160

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-2160

Description:
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

CVE Status:
Candidate

References:

REDHAT
  http://rhn.redhat.com/errata/RHSA-2013-1028.html
  http://rhn.redhat.com/errata/RHSA-2013-1437.html

MISC
  http://jira.codehaus.org/browse/WSTX-287
  http://jira.codehaus.org/browse/WSTX-285

CONFIRM


Return to the previous page.