Analysis Summary

CVE-2024-32007 CVSS:7.5

Apache CXF is vulnerable to a denial of service, caused by improper input validation by the p2c parameter. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-41172 CVSS:7.5

Apache CXF is vulnerable to a denial of service, caused by a memory consumption flaw in CXF HTTP clients when preventing HTTPClient instances from being garbage collected. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-39877 CVSS:8.8

Apache Airflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request using the doc_md parameter, an attacker could exploit this vulnerability to execute arbitrary code in the scheduler context.

CVE-2024-31411 CVSS:8.8

Apache StreamPipes could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.

Impact

• Denial of Service
• Gain Access
• Security Bypass

Indicators of Compromise

CVE

• CVE-2024-32007
• CVE-2024-41172
• CVE-2024-39877
• CVE-2024-31411

Affected Vendors

Remediation

Upgrade to the latest version of Apache, available from the Apache Website.

CVE-2024-32007

CVE-2024-41172

CVE-2024-39877

CVE-2024-31411