首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service 来源：https://www.sec-consult.com 作者：secConsult 发布时间：2013-07-11   SEC Consult Vulnerability Lab Security Advisory < 20130709-0 > =======================================================================               title: Denial of service vulnerability             product: Apache CXF vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4       fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4 onwards          CVE number: CVE-2013-2160              impact: Critical            homepage: http://cxf.apache.org/               found: 2013-02-01                  by: Andreas Falkenberg, SEC Consult Vulnerability Lab                      Christian Mainka, Ruhr-University Bochum                      Juraj Somorovsky, Ruhr-University Bochum                      Joerg Schwenk, Ruhr-University Bochum                      https://www.sec-consult.com ======================================================================= Vendor/product description: ------------------------------------------------------------------------------ "Apache CXF is an open source services framework. CXF helps you build and develop services using frontend programming APIs, like JAX-WS and JAX-RS. These services can speak a variety of protocols such as SOAP, XML/HTTP, RESTful HTTP, or CORBA and work over a variety of transports such as HTTP, JMS or JBI." URL: http://cxf.apache.org/ Business recommendation: ------------------------------------------------------------------------------ Various denial of service attack vectors were found within Apache CXF. The recommendation of SEC Consult is to immediately perform an update. Vulnerability overview/description: ------------------------------------------------------------------------------ It is possible to execute Denial of Service attacks on Apache CXF, exploiting the fact that the streaming XML parser does not put limits on things like the number of elements, number of attributes, the nested structure of the document received, etc. The effects of these attacks can vary from causing high CPU usage, to causing the JVM to run out of memory. URL: http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc Proof of concept: ------------------------------------------------------------------------------ The following SOAP message will trigger a denial of service: <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";>   <soap:Body>         <element>                 <element>                         <element>                                 <element>                                         [thousands more]                                 </element>                         </element>                 </element>         </element>                </soap:Body> </soap:Envelope> There are various other XML payloads that will also trigger a denial of service on vulnerable services. Vulnerable / tested versions: ------------------------------------------------------------------------------ This vulnerability affects all versions of Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4. Vendor contact timeline: ------------------------------------------------------------------------------ 2013-02-22: Advisory sent to vendor by Juraj Somorovsky (RUB) 2013-02-22: Advisory acknowledged by vendor 2013-04-19: Vendor confirms vulnerability 2013-05-15: Vendor publishes fixed version 2013-06-27: Vulnerability is disclosed by vendor 2013-07-09: SEC Consult releases security advisory Solution: ------------------------------------------------------------------------------ CXF 2.5.x users should upgrade to 2.5.10 or later as soon as possible. CXF 2.6.x users should upgrade to 2.6.7 or later as soon as possible. CXF 2.7.x users should upgrade to 2.7.4 or later as soon as possible. Also see the advisory of the vendor: http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc Workaround: ------------------------------------------------------------------------------ No workaround available. Advisory URL: ------------------------------------------------------------------------------ https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab SEC Consult Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius Headquarter: Mooslackengasse 17, 1190 Vienna, Austria Phone:   +43 1 8903043 0 Fax:     +43 1 8903043 15 Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult EOF Andreas Falkenberg / @2013   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·SikaBoom Remote Buffer overflo ·Jolix Media Player 1.1.0 (.m3u ·ERS Viewer 2013 ERS File Handl ·nginx 1.3.9/1.4.0 x86 Brute Fo ·Solaris Recommended Patch Clus ·Ultra Mini HTTPD 1.21 - Stack ·Google Chrome 25.0.1364.152 HT ·Tri-PLC Nano-10 r81 - Denial o ·AOL Instant Messenger 8.0.1.5 ·Corel PDF Fusion Stack Buffer ·OpenNetAdmin 13.03.01 Remote C ·Microsoft Windows Authenticate   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved