{"id":"MGASA-2014-0001","summary":"Updated cxf, wss4j, and jacorb packages fix security vulnerability","details":"Multiple denial of service flaws were found in the way StAX parser\nimplementation of Apache CXF, an open-source web services framework,\nperformed processing of certain XML files. If a web service application\nutilized the services of the StAX parser, a remote attacker could provide\na specially-crafted XML file that, when processed by the application would\nlead to excessive system resources (CPU cycles, memory) consumption by\nthat application (CVE-2013-2160).\n","modified":"2026-04-16T06:26:31.443207642Z","published":"2014-01-06T00:49:54Z","upstream":["CVE-2013-2160"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0001.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10986"},{"type":"ADVISORY","url":"http://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301037"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113793.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113792.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/113791.html"}],"affected":[{"package":{"name":"cxf","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/cxf?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.9-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0001.json"}},{"package":{"name":"jacorb","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/jacorb?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3.1-4.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0001.json"}},{"package":{"name":"wss4j","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/wss4j?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.10-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0001.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}