The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
Max CVSS: 5.0; EPSS Score: 1.78%; Published: 2014-10-30; Updated: 2021-06-16
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.
Max CVSS: 4.3; EPSS Score: 0.61%; Published: 2014-05-08; Updated: 2021-06-16
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
Max CVSS: 4.3; EPSS Score: 0.61%; Published: 2014-05-08; Updated: 2021-06-16
3 vulnerabilities found