A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
Hay una posible vulnerabilidad de denegación de servicio presente en versiones de Apache CXF anteriores a 3.5.10, 3.6.5 y 4.0.6. En algunos casos extremos, es posible que las instancias de CachedOutputStream no se cierren y, si están respaldadas por archivos temporales, pueden llenar el archivo sistema (se aplica a servidores y clientes).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | HIGH |
| Source | Type | Description |
|---|---|---|
| [email protected] | Secondary |
en
CWE-400
|
| [email protected] | Primary |
en
NVD-CWE-noinfo
|
| Vendor | Product | Version | Update | Type |
|---|---|---|---|---|
| apache | cxf | * | <built-in method update of dict object at 0x72a9b0db4600> | Application |
| apache | cxf | * | <built-in method update of dict object at 0x72a9b0db6fc0> | Application |
| apache | cxf | * | <built-in method update of dict object at 0x72a9b0736f40> | Application |
| Vulnerable | CPE |
|---|---|
| Yes | cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* |
| Yes | cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* |