org.apache.cxf:cxf-core@3.5.6 vulnerabilities

  • latest version: 4.1.2

  • latest non vulnerable version

  • first published: 11 years ago

  • latest version published: 2 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.apache.cxf:cxf-core package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version

    • [H] Denial of Service (DoS)

    org.apache.cxf:cxf-core is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS.

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper handling of CachedOutputStream instances. By repeatedly triggering the creation of temporary files that are not properly closed, an attacker can cause the server or client to exhaust disk space, leading to a denial of service.

    Note:

    This is only exploitable if the server or client is configured to use CachedOutputStream backed by temporary files.

    How to fix Denial of Service (DoS)?

    Upgrade org.apache.cxf:cxf-core to version 3.5.10, 3.6.5, 4.0.6 or higher.

    Vulnerable versions: [,3.5.10) [3.6.0,3.6.5) [4.0.0,4.0.6)