CVE-2013-2160

Missing XML Validation in Apache CXF

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Vulnerability Details
Score
Score Vector
Affected Versions:
- org.apache.cxf:cxf-rt-frontend-jaxrs >= 2.5.0 < 2.5.10
- org.apache.cxf:cxf-rt-frontend-jaxrs >= 2.6.0 < 2.6.7
- org.apache.cxf:cxf-rt-frontend-jaxrs >= 2.7.0 < 2.7.4
Severity
Ecosystem
Publish Date: May 12, 2022
Modified Date: December 5, 2024