CVE-2024-32007
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Jul 19, 2024
Updated: Aug 1, 2024
CWE ID 400
CWE ID 20
Summary
CVE-2024-32007 is a vulnerability affecting Apache CXF JOSE versions before 4.0.5, 3.6.4, and 3.5.9. An attacker can exploit it by supplying an unusually large value for the p2c parameter in a token. The result is a denial of service: the affected software fails to process the token due to memory exhaustion. The root cause is insufficient input validation of this parameter.
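The input validation the summary describes as missing can be sketched as a pre-check on the token's protected header, run before any key derivation. This is an added example, not Apache CXF's code or patch; it assumes a compact-serialization JWE in which p2c is the PBES2 iteration count (RFC 7518), and MAX_P2C, MAX_HEADER_LEN, RejectedToken, check_pbes2_count and sample_token are hypothetical names and values.

```python
import base64
import binascii
import json
from typing import Optional

# Assumed policy values, not taken from the advisory or from CXF.
MAX_P2C = 1_000_000        # largest PBKDF2 iteration count we agree to run
MAX_HEADER_LEN = 8192      # refuse oversized protected headers outright

class RejectedToken(ValueError):
    """The token must not reach the key-derivation step."""

def check_pbes2_count(compact_jwe: str) -> Optional[int]:
    """Return the validated p2c, or None when the token is not PBES2-wrapped."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:    # JWE compact serialization has five segments
        raise RejectedToken("not a compact JWE")
    head = parts[0]
    if len(head) > MAX_HEADER_LEN:
        raise RejectedToken("protected header too large")
    try:
        header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except (binascii.Error, ValueError) as exc:
        raise RejectedToken("undecodable protected header") from exc
    if not isinstance(header, dict):
        raise RejectedToken("protected header is not a JSON object")
    alg = header.get("alg")
    if not (isinstance(alg, str) and alg.startswith("PBES2-")):
        return None        # p2c only applies to the PBES2 key-wrap algorithms
    p2c = header.get("p2c")
    # bool is an int subclass in Python; floats such as 1e12 fail the same test.
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise RejectedToken("p2c missing or not an integer")
    if not 1 <= p2c <= MAX_P2C:
        raise RejectedToken(f"p2c {p2c} outside 1..{MAX_P2C}")
    return p2c

def sample_token(header: dict) -> str:
    """Constructed test input: real header, placeholder remaining segments."""
    raw = json.dumps(header).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode() + ".a.b.c.d"

if __name__ == "__main__":
    for count in (4096, 2_000_000_000):
        tok = sample_token({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM", "p2c": count})
        try:
            print(count, "accepted:", check_pbes2_count(tok))
        except RejectedToken as err:
            print(count, "rejected:", err)
```

A check like this at a gateway or filter limits exposure; it does not replace upgrading to one of the fixed versions listed above.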
Affected Products
- Apache Software Foundation CXF
- Apache CXF
Affected Vendors
- Apache Software Foundation