Severity
High
Analysis Summary
Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server.
Impact
Denial of service
Affected Vendors
Apache
Affected Products
- Apache CXF 3.4.2
- Apache CXF 3.3.9
Remediation
Upgrade to the latest version of CXF (3.3.10, 3.4.3 or later).
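To find deployments that still need this upgrade, the added example below (not part of the original alert or of Apache CXF) checks CXF jar file names against the affected and fixed versions stated above. The function names and sample paths are constructed for illustration; treating every release below the fixed version on its line as needing an upgrade is an assumption, since the alert lists only 3.4.2 and 3.3.9 as affected.

```python
import re

# Fixed releases named in the Remediation section, keyed by release line.
FIXED = {(3, 3): (3, 3, 10), (3, 4): (3, 4, 3)}
# Versions listed under Affected Products.
LISTED_AFFECTED = {(3, 3, 9), (3, 4, 2)}

# Matches CXF jars such as cxf-core-3.4.2.jar or cxf-core-3.4.3-SNAPSHOT.jar.
JAR_RE = re.compile(
    r"(cxf-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9]+))?\.jar$"
)


def assess(version, qualifier=""):
    """Return 'affected', 'upgrade' or 'ok' for a (major, minor, patch) tuple."""
    if version in LISTED_AFFECTED:
        return "affected"
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: lines newer than 3.4 carry the fix ("or later");
        # older lines have no fixed release named in the alert.
        return "ok" if version[:2] > (3, 4) else "upgrade"
    if version == fixed and qualifier:
        # Assumption: a qualified build (e.g. -SNAPSHOT) predates the release.
        return "upgrade"
    return "ok" if version >= fixed else "upgrade"


def scan(paths):
    """Return (path, artifact, version, status) for every CXF jar in paths."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a CXF artifact
        version = tuple(int(m.group(i)) for i in (2, 3, 4))
        status = assess(version, m.group(5) or "")
        findings.append((path, m.group(1), ".".join(map(str, version)), status))
    return findings


# Constructed sample inventory, e.g. the output of `find / -name '*.jar'`.
SAMPLE_PATHS = [
    "/opt/app/WEB-INF/lib/cxf-rt-rs-security-oauth2-3.4.2.jar",
    "/opt/app/WEB-INF/lib/cxf-core-3.3.10.jar",
    "/opt/app/WEB-INF/lib/spring-core-5.3.5.jar",
]

if __name__ == "__main__":
    for path, artifact, version, status in scan(SAMPLE_PATHS):
        print(f"{status:8} {artifact} {version}  ({path})")
```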