Apache CXF Vulnerability Let Attackers Push Systems to Trigger DoS Condition
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical vulnerability has been identified in Apache CXF, a widely used open-source framework for web services.
This flaw, tracked as CVE-2025-23184, allows attackers to exploit the CachedOutputStream class, potentially causing a Denial of Service (DoS) by overwhelming system resources.
The issue is officially tracked by Apache with the identifier CXF-7396. The issue stems from improper management of CachedOutputStream instances.
Understanding the Vulnerability
In certain edge cases, these streams may remain unclosed, especially when backed by temporary files.This flaw can lead to excessive consumption of file system storage, ultimately resulting in system failure or unavailability.
The CachedOutputStream class is designed to buffer large data streams by switching from memory to temporary file storage once a threshold is exceeded.
However, if these temporary files are not properly closed and cleaned up, they can accumulate and fill the disk space, rendering both servers and clients vulnerable.
A Denial of Service (DoS) attack leveraging this vulnerability could disrupt the availability of affected systems by:
This vulnerability is especially concerning for high-load environments where CachedOutputStream is frequently used for processing large data streams.
Affected versions:
Fix Available
To address this vulnerability and protect systems from potential exploitation, Apache has released patched versions. Users are strongly advised to update Apache CXF to the following versions:
#Cyber_Security_News #DDOS #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news
Оригинальная версия на сайте:
Apache CXF Vulnerability Let Attackers Push Systems to Trigger DoS Condition
Author: Guru BaranA critical vulnerability has been identified in Apache CXF, a widely used open-source framework for web services.
This flaw, tracked as CVE-2025-23184, allows attackers to exploit the CachedOutputStream class, potentially causing a Denial of Service (DoS) by overwhelming system resources.
The issue is officially tracked by Apache with the identifier CXF-7396. The issue stems from improper management of CachedOutputStream instances.
Understanding the Vulnerability
In certain edge cases, these streams may remain unclosed, especially when backed by temporary files.This flaw can lead to excessive consumption of file system storage, ultimately resulting in system failure or unavailability.
The CachedOutputStream class is designed to buffer large data streams by switching from memory to temporary file storage once a threshold is exceeded.
However, if these temporary files are not properly closed and cleaned up, they can accumulate and fill the disk space, rendering both servers and clients vulnerable.
A Denial of Service (DoS) attack leveraging this vulnerability could disrupt the availability of affected systems by:
- Consuming all available disk space through unclosed temporary files.
- Preventing legitimate users from accessing services due to resource exhaustion.
This vulnerability is especially concerning for high-load environments where CachedOutputStream is frequently used for processing large data streams.
Affected versions:
- Apache CXF before 3.5.10
- Apache CXF 3.6.0 before 3.6.5
- Apache CXF 4.0.0 before 4.0.6
Fix Available
To address this vulnerability and protect systems from potential exploitation, Apache has released patched versions. Users are strongly advised to update Apache CXF to the following versions:
- 3.5.10
- 3.6.5
- 4.0.6
#Cyber_Security_News #DDOS #Vulnerability #Vulnerability_News #cyber_security #cyber_security_news
Оригинальная версия на сайте:
