CVE-2014-3584

CWE-399 CWE-835 CWE-1307 documents6 sources

Severity

5.0MEDIUM

EPSS

5.6%

top 9.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache CXF

Timeline

PublishedOct 30

Latest updateMay 13

Description

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Mavenorg.apache.cxf:cxf-rt-frontend-jaxrs2.5.0 — 2.6.11+2

▶NVDapache/cxf2.6.10+10

🔴Vulnerability Details

GHSA

Loop with Unreachable Exit Condition in Apache CXF↗2022-05-13

▶

OSV

Loop with Unreachable Exit Condition in Apache CXF↗2022-05-13

▶

CVEList

CVE-2014-3584: The SamlHeaderInHandler in Apache CXF before 2↗2014-10-30

▶

📋Vendor Advisories

Red Hat

CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens↗2014-10-25

▶

💬Community

Bugzilla

CVE-2014-3584 Apache CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens↗2014-10-27

▶

Bugzilla

CVE-2014-3584 CVE-2014-3623 cxf: various flaws [fedora-all]↗2014-10-27

▶