IBM Security Guardium has fixed this vulnerability
CVEID: CVE-2017-12624
**DESCRIPTION:** Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the JAX-WS and JAX-RS services to stop responding.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/135095 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-8039
**DESCRIPTION:** Apache CXF could allow a remote attacker to conduct a man-in-the-middle attack. The TLS hostname verification does not work correctly with com.sun.net.ssl interface. An attacker could exploit this vulnerability to launch a man-in-the-middle attack.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/145516 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium | 11.1 |
IBM Security Guardium | 11.2 |
Product | Versions | Fix |
---|---|---|
IBM Security Guardium | 11.1 | https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=IBM%20Sec… |
IBM Security Guardium | 11.2 | http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Drupal%20in… |
None