Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-0109
Last Modified: 22 Apr 2015 09:59:15
Published: 08 May 2014 10:29:13
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-0109

Summary

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.

Vulnerable Systems

Application

  • Apache CXF 2.4.0

  • Apache CXF 2.4.1

  • Apache CXF 2.4.2

  • Apache CXF 2.4.3

  • Apache CXF 2.4.4

  • Apache CXF 2.4.5

  • Apache CXF 2.4.6

  • Apache CXF 2.4.7

  • Apache CXF 2.5.0

  • Apache CXF 2.5.1

  • Apache CXF 2.5.2

  • Apache CXF 2.5.3

  • Apache CXF 2.5.4

  • Apache CXF 2.5.5

  • Apache CXF 2.5.6

  • Apache CXF 2.5.7

  • Apache CXF 2.5.8

  • Apache CXF 2.5.9

  • Apache CXF 2.6.0

  • Apache CXF 2.6.1

  • Apache CXF 2.6.10

  • Apache CXF 2.6.11

  • Apache CXF 2.6.12

  • Apache CXF 2.6.13

  • Apache CXF 2.6.2

  • Apache CXF 2.6.3

  • Apache CXF 2.6.4

  • Apache CXF 2.6.5

  • Apache CXF 2.6.6

  • Apache CXF 2.6.7

  • Apache CXF 2.6.8

  • Apache CXF 2.6.9

  • Apache CXF 2.7.0

  • Apache CXF 2.7.1

  • Apache CXF 2.7.10

  • Apache CXF 2.7.2

  • Apache CXF 2.7.3

  • Apache CXF 2.7.4

  • Apache CXF 2.7.5

  • Apache CXF 2.7.6

  • Apache CXF 2.7.7

  • Apache CXF 2.7.8

  • Apache CXF 2.7.9


References

CONFIRM - https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2

SECTRACK - 1030201

REDHAT - RHSA-2014:1351

REDHAT - RHSA-2015:0851

REDHAT - RHSA-2015:0850


Last Updated: 27 May 2016 11:06:38