Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2024-32007
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
| Software | From | Fixed in |
|---|---|---|
| apache / cxf | 4.0.0 | 4.0.5 |
| apache / cxf | 3.6.0 | 3.6.4 |
| apache / cxf | - | 3.5.9 |
org.apache.cxf / cxf-rt-rs-security-jose
|
4.0.0 | 4.0.5 |
|
org.apache.cxf / cxf-rt-rs-security-jose
|
3.6.0 | 3.6.4 |
|
org.apache.cxf / cxf-rt-rs-security-jose
|
- | 3.5.9 |
- http://www.openwall.com/lists/oss-security/2024/07/18/3
- https://github.com/apache/cxf/commit/20793d3fed2e73e2785a58ec5b47403306ae4a5c
- https://github.com/apache/cxf/commit/2d2baa3455db7439bf1ed4e00edfc5a7106edf7d
- https://github.com/apache/cxf/commit/d1d77c34c199c2c87ebcfe23e3c81dccfe2e2473
- https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633
- https://security.netapp.com/advisory/ntap-20240808-0009/