首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4 - Denial of Service
来源:https://www.sec-consult.com 作者:secConsult 发布时间:2013-07-11  
SEC Consult Vulnerability Lab Security Advisory < 20130709-0 >
=======================================================================
              title: Denial of service vulnerability
            product: Apache CXF
vulnerable version: Apache CXF prior to 2.5.10, 2.6.7 and 2.7.4
      fixed version: Apache CXF 2.5.10, 2.6.7 and 2.7.4 onwards
         CVE number: CVE-2013-2160
             impact: Critical
           homepage: http://cxf.apache.org/
              found: 2013-02-01
                 by: Andreas Falkenberg, SEC Consult Vulnerability Lab
                     Christian Mainka, Ruhr-University Bochum
                     Juraj Somorovsky, Ruhr-University Bochum
                     Joerg Schwenk, Ruhr-University Bochum
                     https://www.sec-consult.com
=======================================================================

Vendor/product description:
------------------------------------------------------------------------------
"Apache CXF is an open source services framework. CXF helps you build and
develop services using frontend programming APIs, like JAX-WS and JAX-RS.
These services can speak a variety of protocols such as SOAP, XML/HTTP,
RESTful HTTP, or CORBA and work over a variety of transports such as HTTP,
JMS or JBI."

URL: http://cxf.apache.org/


Business recommendation:
------------------------------------------------------------------------------
Various denial of service attack vectors were found within Apache CXF.
The recommendation of SEC Consult is to immediately perform an update.



Vulnerability overview/description:
------------------------------------------------------------------------------
It is possible to execute Denial of Service attacks on Apache CXF, exploiting
the fact that the streaming XML parser does not put limits on things like the
number of elements, number of attributes, the nested structure of the document
received, etc. The effects of these attacks can vary from causing high CPU
usage, to causing the JVM to run out of memory.
URL: http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc


Proof of concept:
------------------------------------------------------------------------------
The following SOAP message will trigger a denial of service:

<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope";>
  <soap:Body>
        <element>
                <element>
                        <element>
                                <element>
                                        [thousands more]
                                </element>
                        </element>
                </element>
        </element>             
  </soap:Body>
</soap:Envelope>

There are various other XML payloads that will also trigger a denial of
service on vulnerable services.


Vulnerable / tested versions:
------------------------------------------------------------------------------
This vulnerability affects all versions of Apache CXF prior to 2.5.10, 2.6.7
and 2.7.4.


Vendor contact timeline:
------------------------------------------------------------------------------
2013-02-22: Advisory sent to vendor by Juraj Somorovsky (RUB)
2013-02-22: Advisory acknowledged by vendor
2013-04-19: Vendor confirms vulnerability
2013-05-15: Vendor publishes fixed version
2013-06-27: Vulnerability is disclosed by vendor
2013-07-09: SEC Consult releases security advisory


Solution:
------------------------------------------------------------------------------
CXF 2.5.x users should upgrade to 2.5.10 or later as soon as possible.
CXF 2.6.x users should upgrade to 2.6.7 or later as soon as possible.
CXF 2.7.x users should upgrade to 2.7.4 or later as soon as possible.

Also see the advisory of the vendor:
http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc


Workaround:
------------------------------------------------------------------------------
No workaround available.


Advisory URL:
------------------------------------------------------------------------------
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Vulnerability Lab

SEC Consult
Vienna - Bangkok - Frankfurt/Main - Montreal - Singapore - Vilnius

Headquarter:
Mooslackengasse 17, 1190 Vienna, Austria
Phone:   +43 1 8903043 0
Fax:     +43 1 8903043 15

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF Andreas Falkenberg / @2013
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SikaBoom Remote Buffer overflo
·Jolix Media Player 1.1.0 (.m3u
·ERS Viewer 2013 ERS File Handl
·nginx 1.3.9/1.4.0 x86 Brute Fo
·Solaris Recommended Patch Clus
·Ultra Mini HTTPD 1.21 - Stack
·Google Chrome 25.0.1364.152 HT
·Tri-PLC Nano-10 r81 - Denial o
·AOL Instant Messenger 8.0.1.5
·Corel PDF Fusion Stack Buffer
·OpenNetAdmin 13.03.01 Remote C
·Microsoft Windows Authenticate
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved