CVE-2019-12406
PUBLISHED
A vulnerability exists in Apache CXF that stems from a missing restriction on message attachments. A remote, anonymous attacker can exploit this vulnerability by adding many attachments to a message, thereby causing a denial of service condition.
Risk Scores
EPSS Score: 4.13% (88.9th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| IBM | IBM InfoSphere Guardium | |
| EMC | EMC Avamar | |
| Red Hat | Red Hat Enterprise Linux | |
Timeline
- Nov 5, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 17, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 24, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1825.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1825 advisory
- http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc advisory
- http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc advisory
- https://access.redhat.com/errata/RHSA-2020:0556 advisory
- https://access.redhat.com/errata/RHSA-2020:2067 advisory
- https://access.redhat.com/errata/RHSA-2020:2333 advisory
- https://access.redhat.com/errata/RHSA-2020:3197 advisory
- https://access.redhat.com/errata/RHSA-2020:3196 advisory
- https://access.redhat.com/errata/RHSA-2020:5568 advisory
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-guardium-is-affected-by-multiple-vulnerabilities-34/ advisory
- https://www.dell.com/support/kbdoc/000221770/dsa-2024-= advisory