Advisories ยป MGASA-2014-0001

Updated cxf, wss4j, and jacorb packages fix security vulnerability

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2160


Multiple denial of service flaws were found in the way StAX parser
implementation of Apache CXF, an open-source web services framework,
performed processing of certain XML files. If a web service application
utilized the services of the StAX parser, a remote attacker could provide
a specially-crafted XML file that, when processed by the application would
lead to excessive system resources (CPU cycles, memory) consumption by
that application (CVE-2013-2160).