CVE-2024-32007

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jul 19, 2024
Updated: Aug 1, 2024
CWE ID 400
CWE ID 20

Summary

CVE-2024-32007 is a vulnerability affecting Apache CXF JOSE versions before 4.0.5, 3.6.4, and 3.5.9. An attacker can exploit this issue by inputting an unusually large value for the p2c parameter in a token. This results in a denial of service attack, as the affected software fails to process the token due to memory exhaustion. Input validation for this parameter is insufficient, allowing the attacker to trigger this vulnerability.

Affected Products

  • Apache Software Foundation CXF
  • Apache CXF

Affected Vendors

  • Apache Software Foundation