Vulnerabilities > CVE-2021-30468 - Infinite Loop vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

apache

oracle

CWE-835

NVD

Published: 2021-06-16

Updated: 2023-11-07

Summary

A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread getting stuck in an infinite loop, consuming CPU indefinitely. This issue affects Apache CXF versions prior to 3.4.4; Apache CXF versions prior to 3.3.11.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache CXF 3.4.0 Apache CXF 3.4.1 Apache CXF 3.4.2 Apache CXF 3.4.3 Apache CXF 2.0.6 Apache CXF 2.0.7 Apache CXF 2.0.8 Apache CXF 2.0.9 Apache CXF 2.0.10 Apache CXF 2.0.11 Apache CXF 2.0.12 Apache CXF 2.0.13 Apache CXF 2.1 Apache CXF 2.1.0 Apache CXF 2.1.1 Apache CXF 2.1.2 Apache CXF 2.1.3 Apache CXF 2.1.4 Apache CXF 2.1.5 Apache CXF 2.1.6 Apache CXF 2.1.7 Apache CXF 2.1.8 Apache CXF 2.1.9 Apache CXF 2.1.10 Apache CXF 2.2.0 Apache CXF 2.2.1 Apache CXF 2.2.2 Apache CXF 2.2.3 Apache CXF 2.2.4 Apache CXF 2.2.5 Apache CXF 2.2.6 Apache CXF 2.2.7 Apache CXF 2.2.8 Apache CXF 2.2.9 Apache CXF 2.2.10 Apache CXF 2.2.11 Apache CXF 2.2.12 Apache CXF 2.3.0 Apache CXF 2.3.1 Apache CXF 2.3.2 Apache CXF 2.3.3 Apache CXF 2.3.4 Apache CXF 2.3.5 Apache CXF 2.3.6 Apache CXF 2.3.7 Apache CXF 2.3.8 Apache CXF 2.3.9 Apache CXF 2.3.10 Apache CXF 2.3.11 Apache CXF 2.4.0 Apache CXF 2.4.1 Apache CXF 2.4.2 Apache CXF 2.4.3 Apache CXF 2.4.4 Apache CXF 2.4.5 Apache CXF 2.4.6 Apache CXF 2.4.7 Apache CXF 2.4.8 Apache CXF 2.4.9 Apache CXF 2.4.10 Apache CXF 2.5.0 Apache CXF 2.5.1 Apache CXF 2.5.2 Apache CXF 2.5.3 Apache CXF 2.5.4 Apache CXF 2.5.5 Apache CXF 2.5.6 Apache CXF 2.5.7 Apache CXF 2.5.8 Apache CXF 2.5.9 Apache CXF 2.5.10 Apache CXF 2.5.11 Apache CXF 2.6.0 Apache CXF 2.6.1 Apache CXF 2.6.2 Apache CXF 2.6.3 Apache CXF 2.6.4 Apache CXF 2.6.5 Apache CXF 2.6.6 Apache CXF 2.6.7 Apache CXF 2.6.8 Apache CXF 2.6.9 Apache CXF 2.6.10 Apache CXF 2.6.11 Apache CXF 2.6.12 Apache CXF 2.6.13 Apache CXF 2.6.14 Apache CXF 2.6.15 Apache CXF 2.6.16 Apache CXF 2.6.17 Apache CXF 2.7.0 Apache CXF 2.7.1 Apache CXF 2.7.2 Apache CXF 2.7.3 Apache CXF 2.7.4 Apache CXF 2.7.5 Apache CXF 2.7.6 Apache CXF 2.7.7 Apache CXF 2.7.8 Apache CXF 2.7.9 Apache CXF 2.7.10 Apache CXF 2.7.11 Apache CXF 2.7.12 Apache CXF 2.7.13 Apache CXF 2.7.14 Apache CXF 2.7.15 Apache CXF 2.7.16 Apache CXF 2.7.17 Apache CXF 2.7.18 Apache CXF 3.0.0 Apache CXF 3.0.1 Apache CXF 3.0.2 Apache CXF 3.0.3 Apache CXF 3.0.4 Apache CXF 3.0.5 Apache CXF 3.0.6 Apache CXF 3.0.7 Apache CXF 3.0.8 Apache CXF 3.0.9 Apache CXF 3.0.10 Apache CXF 3.0.11 Apache CXF 3.0.12 Apache CXF 3.0.13 Apache CXF 3.0.14 Apache CXF 3.0.15 Apache CXF 3.0.16 Apache CXF 3.1.0 Apache CXF 3.1.1 Apache CXF 3.1.2 Apache CXF 3.1.3 Apache CXF 3.1.4 Apache CXF 3.1.5 Apache CXF 3.1.6 Apache CXF 3.1.7 Apache CXF 3.1.8 Apache CXF 3.1.9 Apache CXF 3.1.10 Apache CXF 3.1.11 Apache CXF 3.1.12 Apache CXF 3.1.13 Apache CXF 3.1.14 Apache CXF 3.1.15 Apache CXF 3.1.16 Apache CXF 3.1.17 Apache CXF 3.2.0 Apache CXF 3.2.1 Apache CXF 3.2.2 Apache CXF 3.2.3 Apache CXF 3.2.4 Apache CXF 3.2.5 Apache CXF 3.2.6 Apache CXF 3.2.7 Apache CXF 3.2.8 Apache CXF 3.2.9 Apache CXF 3.2.10 Apache CXF 3.2.11 Apache CXF 3.2.12 Apache CXF 3.2.13 Apache CXF 3.2.14 Apache CXF 3.3.0 Apache CXF 3.3.1 Apache CXF 3.3.2 Apache CXF 3.3.3 Apache CXF 3.3.4 Apache CXF 3.3.5 Apache CXF 3.3.6 Apache CXF 3.3.7 Apache CXF 3.3.8 Apache CXF 3.3.9 Apache CXF 3.3.10 Apache Tomee 8.0.6	171
Application	Oracle Oracle Business Intelligence 12.2.1.3.0 Oracle Business Intelligence 12.2.1.4.0 Oracle Business Intelligence 5.5.0.0.0 Oracle Business Intelligence 5.9.0.0.0 Oracle Communications Element Manager 8.2.2	5
OS	Oracle Oracle Communications Messaging Server 8.1	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References