CVE-2014-0110 — Uncontrolled Resource Consumption in Apache CXF

Description

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message.

How to fix CVE-2014-0110

To remediate CVE-2014-0110, upgrade the affected package to a fixed version below.

Maven/org.apache.cxf:cxf-core—upgrade to 2.6.14 or later

Is CVE-2014-0110 being exploited?

Moderate — EPSS is 6.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 2.6.14

References (15)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2014-0110
WEBcxf.apache.org/security-advisories.data/CVE-2014-0110.txt.asc
WEBrhn.redhat.com/errata/RHSA-2014-1351.html
WEBrhn.redhat.com/errata/RHSA-2015-0850.html
WEB