Apache CXF is vulnerable to a denial of service, caused by the failure to restrict the number of message attachments present in a given message. By sending a specially-crafted message containing an overly large number of message attachments, a remote attacker could exploit this vulnerability to cause a denial of service condition. This vulnerability has been addressed by IBM Cloud App Management in a later version.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Cloud App Management V2018 | 2019.3.0 |
| IBM Cloud App Management V2018 | 2019.4.0 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6190575
The post Security Bulletin: A vulnerability in Apache CXF affects IBM Cloud App Management (CVE-2019-12406) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2zQHpTf
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.