Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.apache.cxf:cxf-core(Maven) | 0 | 2.6.14 | N/A |
| org.apache.cxf:cxf-core(Maven) | 2.7.0 | 2.7.11 | N/A |
CVSS Metrics
