Description
A potential denial-of-service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system. This applies to both servers and clients.
CVSS breakdown
CVSS 3.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: None
- Integrity: None
- Availability: High
Affected products
- Apache Software Foundation / Apache CXF 0 – 3.5.10
- Apache Software Foundation / Apache CXF 3.6.0 – 3.6.5
- Apache Software Foundation / Apache CXF 4.0.0 – 4.0.6