vulnerability

Red Hat JBossEAP: Other (CVE-2024-32007)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Jul 19, 2024	Sep 19, 2024	Sep 20, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Jul 19, 2024

Added

Sep 19, 2024

Modified

Sep 20, 2024

Description

An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token. . An improper input validation vulnerability was found in the p2c parameter in the Apache CXF JOSE. This flaw allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.

Solution

red-hat-jboss-eap-upgrade-latest

References

CVE-2024-32007
https://attackerkb.com/topics/CVE-2024-32007
URL-https://access.redhat.com/security/cve/CVE-2024-32007
URL-https://bugzilla.redhat.com/show_bug.cgi?id=2298828
URL-https://github.com/advisories/GHSA-6pff-fmh2-4mmf
URL-https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today