Bug 1093526 (CVE-2014-0109)
Summary: | CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Arun Babu Neelicattu <aneelica>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
CC: | aileenc, alazarot, anil.saldhana, bbaranow, bdawidow, bleanhar, brms-jira, ccoleman, cdewolf, chazlett, dandread, darran.lofthouse, dmcphers, epp-bugs, etirelli, grocha, gvarsami, hfnukal, jason.greene, jawilson, jcoleman, jdetiber, jialiu, jkeck, jokerman, jpallich, jrusnack, kconner, kseifried, ldimaggi, lgao, lmeyer, lpetrovi, mbaluch, mgoldman, mmccomas, mwinkler, myarboro, nwallace, pavelp, pcheung, pgier, pslavice, rrajasek, rsvoboda, rwagner, rzhang, soa-p-jira, tcunning, theute, tkirby, twalsh, vtunka, weli
Keywords: | Security
Hardware: | All
OS: | Linux
Fixed In Version: | cxf 2.6.14, cxf 2.7.11
Doc Type: | Bug Fix
Doc Text: | A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.
Last Closed: | 2016-07-08 22:32:18 UTC
Bug Depends On: | 1095542, 1095543, 1095544, 1095545, 1095546, 1095547, 1095548, 1095549, 1166935, 1166936, 1166945, 1167713
Bug Blocks: | 1059445, 1082938, 1093534, 1108493, 1210482

Description
Arun Babu Neelicattu
2014-05-02 01:40:15 UTC
Created cxf tracking bugs for this issue:
Affects: fedora-all [bug 1095542]

This issue has been addressed in following products:
Red Hat JBoss Enterprise Application Platform 6.2.4
Via RHSA-2014:0797 https://rhn.redhat.com/errata/RHSA-2014-0797.html

This issue has been addressed in following products:
JBEAP 6.2 for RHEL 5
Via RHSA-2014:0798 https://rhn.redhat.com/errata/RHSA-2014-0798.html

This issue has been addressed in following products:
JBEAP 6.2 for RHEL 6
Via RHSA-2014:0799 https://rhn.redhat.com/errata/RHSA-2014-0799.html

IssueDescription:
A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error.

This issue has been addressed in the following products:
Red Hat JBoss Fuse/A-MQ 6.1.0
Via RHSA-2014:1351 https://rhn.redhat.com/errata/RHSA-2014-1351.html

This issue has been addressed in the following products:
JBoss BPM Suite 6.1.0
Via RHSA-2015:0851 https://rhn.redhat.com/errata/RHSA-2015-0851.html

This issue has been addressed in the following products:
JBoss BRMS 6.1.0
Via RHSA-2015:0850 https://rhn.redhat.com/errata/RHSA-2015-0850.html

This issue has been addressed in the following products:
JBoss Portal 6.2.0
Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html