CVE-2013-2160: Denial of Service Attacks on Apache CXF

August 19, 2013 (updated October 30, 2013)

The streaming XML parser in this package allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of elements, attributes, nested constructs, and possibly other vectors.

References

cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc
bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2160

Code Behaviors & Features

Detect and mitigate CVE-2013-2160 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →