MGASA-2014-0001

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2014-0001.html
Import Source
https://advisories.mageia.org/MGASA-2014-0001.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2014-0001
Upstream
  • CVE-2013-2160
Published
2014-01-06T00:49:54Z
Modified
2026-04-16T06:26:31.443207642Z
Summary
Updated cxf, wss4j, and jacorb packages fix security vulnerability
Details

Multiple denial of service flaws were found in the way StAX parser implementation of Apache CXF, an open-source web services framework, performed processing of certain XML files. If a web service application utilized the services of the StAX parser, a remote attacker could provide a specially-crafted XML file that, when processed by the application would lead to excessive system resources (CPU cycles, memory) consumption by that application (CVE-2013-2160).

References
Credits

Affected packages

Mageia:3 / cxf

Package

Name
cxf
Purl
pkg:rpm/mageia/cxf?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.9-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2014-0001.json"

Mageia:3 / jacorb

Package

Name
jacorb
Purl
pkg:rpm/mageia/jacorb?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.3.1-4.mga3

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2014-0001.json"

Mageia:3 / wss4j

Package

Name
wss4j
Purl
pkg:rpm/mageia/wss4j?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6.10-1.mga3

Ecosystem specific 

{
    "section": "core"
}

Database specific

source 
"https://advisories.mageia.org/MGASA-2014-0001.json"