CVE-2024-32007

Summary

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. 

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache CXF0 < 4.0.5, 3.6.4, 3.5.9affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption
  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References