QwikSec

Security Database

CVE

CWE

Training

CVE-2021-30468

Published: Jun 16, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

Vendor	Product	Versions
Apache Software Foundation	Apache CXF	affected `Apache CXF - < 3.4.4`

Weaknesses (CWE)

References

http://cxf.apache.org/security-advisories.data/CVE-2021-30468.txt.asc

x_refsource_MISC

[cxf-users] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

mailing-list

x_refsource_MLIST

[cxf-dev] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

mailing-list

x_refsource_MLIST

[announce] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

mailing-list

x_refsource_MLIST

[oss-security] 20210616 CVE-2021-30468: Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter

mailing-list

x_refsource_MLIST

[tomee-commits] 20210705 [jira] [Created] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210705 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210901 [jira] [Resolved] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210901 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210913 [jira] [Updated] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

[tomee-commits] 20210913 [jira] [Reopened] (TOMEE-3768) TomEE plus is affected by CVE-CVE-2021-30468 vulnerability related to Apache CXF

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210917-0002/

x_refsource_CONFIRM

https://www.oracle.com/security-alerts/cpuapr2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.