Vulnerability in Apache Cxf
CVE-2014-0109
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
EPSS: 0.061 (90.9th percentile) — read the EPSS interpretation.
Affected products
- Apache Cxf — versions 2.7.0, 2.7.1, 2.7.2
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2015:0850 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2015:0851 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- 1030201 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2014:1351 (x_refsource_REDHAT, vendor-advisory)
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2014-0109?
- CVE-2014-0109 is a vulnerability in Apache Cxf, classified under CWE-399. Published 2014-05-08.
- Is CVE-2014-0109 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.