REDHAT-BUG-2298828: Input Validation
First published: Fri Jul 19 2024(Updated: )
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CXF | <4.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2298828?
The severity of REDHAT-BUG-2298828 is significant as it allows denial of service attacks through improper input validation.
How do I fix REDHAT-BUG-2298828?
To fix REDHAT-BUG-2298828, upgrade Apache CXF to version 4.0.5 or later, or to 3.6.4 or later, or to 3.5.9 or later.
What versions of Apache CXF are affected by REDHAT-BUG-2298828?
Versions of Apache CXF affected by REDHAT-BUG-2298828 are those prior to 4.0.5, 3.6.4, and 3.5.9.
What type of attack does REDHAT-BUG-2298828 enable?
REDAHT-BUG-2298828 enables attackers to perform denial of service attacks.
Is input validation an issue in REDHAT-BUG-2298828?
Yes, improper input validation of the p2c parameter is a critical issue in REDHAT-BUG-2298828.
- agent/severity
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-32007
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache cxf