Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveRedhatCVE-2013-2160
HistoryAug 19, 2013 - 11:55 p.m.

CVE-2013-2160

2013-08-1923:55:08
CWE-399
redhat
web.nvd.nist.gov
60
cve-2013-2160
apache cxf
xml parser
denial of service
nvd

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7

Confidence

High

EPSS

0.053

Percentile

93.2%

JSON

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Affected configurations

Nvd
Node
apachecxfMatch2.5.0
OR
apachecxfMatch2.5.1
OR
apachecxfMatch2.5.2
OR
apachecxfMatch2.5.3
OR
apachecxfMatch2.5.4
OR
apachecxfMatch2.5.5
OR
apachecxfMatch2.5.6
OR
apachecxfMatch2.5.7
OR
apachecxfMatch2.5.8
OR
apachecxfMatch2.5.9
OR
apachecxfMatch2.6.0
OR
apachecxfMatch2.6.1
OR
apachecxfMatch2.6.2
OR
apachecxfMatch2.6.3
OR
apachecxfMatch2.6.4
OR
apachecxfMatch2.6.5
OR
apachecxfMatch2.6.6
OR
apachecxfMatch2.7.0
OR
apachecxfMatch2.7.1
OR
apachecxfMatch2.7.2
OR
apachecxfMatch2.7.3
VendorProductVersionCPE
apachecxf2.5.0cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
apachecxf2.5.1cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
apachecxf2.5.2cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
apachecxf2.5.3cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
apachecxf2.5.4cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
apachecxf2.5.5cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
apachecxf2.5.6cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
apachecxf2.5.7cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
apachecxf2.5.8cpe:2.3:a:apache:cxf:2.5.8:*:*:*:*:*:*:*
apachecxf2.5.9cpe:2.3:a:apache:cxf:2.5.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

References

Related

nessus 3
openvas 13
fedora 6
osv 1
cvelist 1
mageia 1
prion 1
seebug 2
threatpost 1
securityvulns 1
exploitdb 1
zdt 1
packetstorm 1
exploitpack 1
github 1
nvd 1
redhat 2
f5 2
ibm 1
nessus
nessus
Fedora 18 : cxf-2.6.9-1.fc18 / jacorb-2.3.1-8.fc18 / wss4j-1.6.10-1.fc18 (2013-14159)
2013-08-12 00:00:00
Fedora 19 : cxf-2.6.9-1.fc19 / jacorb-2.3.1-8.fc19 / wss4j-1.6.10-1.fc19 (2013-14106)
2013-08-12 00:00:00
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
2014-01-31 00:00:00
openvas
openvas
Fedora Update for cxf FEDORA-2013-14159
2013-08-12 00:00:00
Fedora Update for jacorb FEDORA-2013-14106
2013-08-20 00:00:00
Fedora Update for wss4j FEDORA-2013-14106
2013-08-20 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: cxf-2.6.9-1.fc18
2013-08-10 20:01:35
[SECURITY] Fedora 19 Update: wss4j-1.6.10-1.fc19
2013-08-10 20:05:12
[SECURITY] Fedora 19 Update: jacorb-2.3.1-8.fc19
2013-08-10 20:05:12
osv
osv
Missing XML Validation in Apache CXF
2022-05-13 01:09:20
cvelist
cvelist
CVE-2013-2160
2013-08-19 23:00:00
mageia
mageia
Updated cxf, wss4j, and jacorb packages fix security vulnerability
2014-01-06 04:49:54
prion
prion
Code injection
2013-08-19 23:55:00
seebug
seebug
Apache CXF倚δΈͺθΏœη¨‹ζ‹’η»ζœεŠ‘ζΌζ΄ž(CVE-2013-2160)
2013-07-11 00:00:00
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
2014-07-01 00:00:00
threatpost
threatpost
Apache CXF Denial of Service Vulnerabilities Patched
2013-07-09 13:55:48
securityvulns
securityvulns
SEC Consult SA-20130709-0 :: Denial of service vulnerability in Apache CXF
2013-07-15 00:00:00
exploitdb
exploitdb
Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
2013-07-09 00:00:00
zdt
zdt
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
2013-07-10 00:00:00
packetstorm
packetstorm
Apache CXF 2.5.10 / 2.6.7 / 2.7.4 Denial Of Service
2013-07-09 00:00:00
exploitpack
exploitpack
Apache CXF 2.5.102.6.72.7.4 - Denial of Service
2013-07-09 00:00:00
github
github
Missing XML Validation in Apache CXF
2022-05-13 01:09:20
nvd
nvd
CVE-2013-2160
2013-08-19 23:55:08
redhat
redhat
(RHSA-2013:1185) Important: Red Hat JBoss Fuse 6.0.0 patch 2
2013-08-29 00:00:00
(RHSA-2013:1028) Important: Fuse ESB Enterprise 7.1.0 update
2013-07-09 00:00:00
f5
f5
SOL15580 - Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
K15580 : Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability
2019-07-19 16:20:01

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7

Confidence

High

EPSS

0.053

Percentile

93.2%

JSON
Related for CVE-2013-2160
nessus3openvas13fedora6osv1cvelist1mageia1prion1seebug2threatpost1securityvulns1exploitdb1zdt1packetstorm1exploitpack1github1nvd1redhat2f52ibm1