CVE-2024-32007

Published: Jul 19, 2024

Modified: Sep 13, 2024

PUBLISHED

Description

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

Vendor	Product	Versions
Apache Software Foundation	Apache CXF	affected `0 - < 4.0.5, 3.6.4, 3.5.9`

Weaknesses (CWE)

CWE-400

CWE-20

References

https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-32007

Description

Affected Products

Weaknesses (CWE)

References