CVE-2021-30468
16.06.2021, 12:15
A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.
| Vendor | Product | Version |
|---|---|---|
| apache | cxf | 𝑥 < 3.3.11 |
| apache | cxf | 3.4.0 ≤ 𝑥 < 3.4.4 |
| apache | tomee | 8.0.6 |
| oracle | business_intelligence | 5.5.0.0.0 |
| oracle | business_intelligence | 5.9.0.0.0 |
| oracle | business_intelligence | 12.2.1.3.0 |
| oracle | business_intelligence | 12.2.1.4.0 |
| oracle | communications_element_manager | 8.2.2 |
| oracle | communications_messaging_server | 8.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
References