CVE-2013-2160

Published: Aug 19, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.

Affected (21)

Products: Apache: Cxf

1 product

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Apache Cxf	Version 2.5.0
Apache Cxf	Version 2.5.1
Apache Cxf	Version 2.5.2
Apache Cxf	Version 2.5.3
Apache Cxf	Version 2.5.4
Apache Cxf	Version 2.5.5
Apache Cxf	Version 2.5.6
Apache Cxf	Version 2.5.7
Apache Cxf	Version 2.5.8
Apache Cxf	Version 2.5.9
Apache Cxf	Version 2.6.0
Apache Cxf	Version 2.6.1
Apache Cxf	Version 2.6.2
Apache Cxf	Version 2.6.3
Apache Cxf	Version 2.6.4
Apache Cxf	Version 2.6.5
Apache Cxf	Version 2.6.6
Apache Cxf	Version 2.7.0
Apache Cxf	Version 2.7.1
Apache Cxf	Version 2.7.2
Apache Cxf	Version 2.7.3

Related CWEs

References (24)

http://jira.codehaus.org/browse/WSTX-285

Source: secalert@redhat.com

Patch

http://jira.codehaus.org/browse/WSTX-287

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1437.html

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=929197

Source: secalert@redhat.com

https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

Source: secalert@redhat.com

Vendor Advisory

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

http://jira.codehaus.org/browse/WSTX-285

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://jira.codehaus.org/browse/WSTX-287

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1437.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=929197

Source: af854a3a-2127-422b-91ae-364da2661108

https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.