CVE-2017-12624

5.5MEDIUM

Key Information:

Vendor
Apache
Status
Apache Cxf
Vendor
CVE Published:
14 November 2017

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".

Affected Version(s)

Apache CXF prior to 3.1.14

Apache CXF 3.2.x prior to 3.2.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2017-12624
Created by tafamace

References

https://access.redhat.com/errata/RHSA-2018:2428
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1040486
vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:2424
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.