=====================================================================
                            CERT-Renater

               Information Note No. 2025/VULN025
_____________________________________________________________________

DATE                 : 21/01/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Apache CXF versions prior to
                       3.5.10, 3.6.5, 4.0.6.

=====================================================================
https://lists.apache.org/thread/85o2yg53sg0xmb54234tlvrj2gzcr9c7
_____________________________________________________________________

CVE-2025-23184: Apache CXF: Denial of Service vulnerability with
temporary files

Affected versions:

- Apache CXF before 3.5.10
- Apache CXF 3.6.0 before 3.6.5
- Apache CXF 4.0.0 before 4.0.6

Description:

A potential denial of service vulnerability is present in versions of
Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the
CachedOutputStream instances may not be closed and, if backed by
temporary files, may fill up the file system (it applies to servers
and clients).

This issue is being tracked as CXF-7396.

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-23184
https://issues.apache.org/jira/browse/CXF-7396

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================
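
Added example (not part of the CERT-Renater note or of the Apache CXF project): a Python check that applies the affected-version ranges listed above to CXF jar file names taken from a dependency inventory. The jar names in SAMPLE are constructed, and the function names and status labels are this example's own.

```python
import re

# Fixed release per affected branch, as listed in the advisory.
FIXED = {(3, 5): (3, 5, 10), (3, 6): (3, 6, 5), (4, 0): (4, 0, 6)}

# Matches CXF module jars such as cxf-core-3.5.9.jar (qualifier optional).
JAR_RE = re.compile(r"^cxf-[\w-]+?-(\d+)\.(\d+)\.(\d+)([-.].*)?\.jar$")


def classify(version, qualifier=""):
    """Classify a (major, minor, patch) tuple against the advisory ranges."""
    branch = version[:2]
    if branch < (3, 5):
        return "affected"      # "before 3.5.10" covers every older release line
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"    # branch is not named in the advisory
    if version < fixed:
        return "affected"
    if version == fixed and qualifier:
        return "review"        # e.g. a -SNAPSHOT build of the fixed release
    return "fixed"


def scan(jar_names):
    """Return {jar name: status} for CXF jars; other jars are skipped."""
    results = {}
    for name in jar_names:
        m = JAR_RE.match(name)
        if m:
            version = tuple(int(part) for part in m.group(1, 2, 3))
            results[name] = classify(version, m.group(4) or "")
    return results


# Constructed inventory, for illustration only.
SAMPLE = [
    "cxf-core-3.5.9.jar",
    "cxf-rt-frontend-jaxws-4.0.6.jar",
    "cxf-rt-transports-http-3.6.5-SNAPSHOT.jar",
    "spring-core-6.1.2.jar",
    "cxf-core-4.1.0.jar",
]

if __name__ == "__main__":
    for jar, status in scan(SAMPLE).items():
        print(f"{status:10} {jar}")
```

A "not-listed" result only means the branch does not appear in this note; check the vendor references before treating it as unaffected.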