CVE-2017-12624 is a vulnerability in Apache CXF
Published on November 14, 2017
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack. From Apache CXF 3.2.1 and 3.1.14, message attachment headers that are greater than 300 characters will be rejected by default. This value is configurable via the property "attachment-max-header-size".
Products Associated with CVE-2017-12624
Affected Versions
Apache Software Foundation Apache CXF:
- Versions prior to 3.1.14 are affected.
- Versions 3.2.x prior to 3.2.1 are affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.