org.apache.cxf:cxf-rt-frontend-jaxrs@2.4.8 vulnerabilities

  • latest version

    4.1.0

  • latest non vulnerable version

  • first published

    16 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.cxf:cxf-rt-frontend-jaxrs package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Denial of Service (DoS)

    org.apache.cxf:cxf-rt-frontend-jaxrs is an Apache CXF Runtime JAX-RS Frontend

    Affected versions of this package are vulnerable to Denial of Service (DoS). Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property attachment-max-header-size.

    How to fix Denial of Service (DoS)?

    Upgrade org.apache.cxf:cxf-rt-frontend-jaxrs to version 3.1.14, 3.2.1 or higher.

    [,3.1.14) [3.2.0,3.2.1)