HTTP: Apache CXF Denial Of Service

This signature detects attempts to cause a denial of service against Apache CXF. A successful attack could result in complete resource consumption and ultimately cause the web server to stop responding.

Extended Description

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Affected Products

Apache CXF

References

CVE: CVE-2013-2160

Short Name: HTTP:DOS:APACHE-CXF
Severity: Major
Recommended: True
Recommended Action: Drop
Category: HTTP
Keywords: Apache CVE-2013-2160 CXF Denial Of Service
Release Date: 05/09/2017
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Apache

CVSS Score

5.0
