VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-xj9j-j7ke-aaas

Essentials
Severities (97)
References (14)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xj9j-j7ke-aaas
Aliases	CVE-2024-41172 GHSA-4mgg-fqfq-64hg
Summary	Apache CXF allows unrestricted memory consumption in CXF HTTP clients In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-401	Missing Release of Memory after Effective Lifetime
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	3.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.02272	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03025	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03054	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03183	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03397	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03397	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03397	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03397	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.03758	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.04161	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
epss	0.06839	https://api.first.org/data/v1/epss?cve=CVE-2024-41172
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-4mgg-fqfq-64hg
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-4mgg-fqfq-64hg
cvssv3.1	3.7	https://github.com/apache/cxf
generic_textual	LOW	https://github.com/apache/cxf
generic_textual	MODERATE	https://github.com/apache/cxf
cvssv3.1	3.7	https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
generic_textual	LOW	https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
generic_textual	MODERATE	https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-41172
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2024-41172
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2024-41172
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2024-41172
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2024-41172

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-41172
		https://github.com/apache/cxf
		https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6
		https://nvd.nist.gov/vuln/detail/CVE-2024-41172
		https://security.netapp.com/advisory/ntap-20240808-0008/
		http://www.openwall.com/lists/oss-security/2024/07/18/4
2298829		https://bugzilla.redhat.com/show_bug.cgi?id=2298829
cpe:2.3:a:apache:cxf::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf::::::::
GHSA-4mgg-fqfq-64hg		https://github.com/advisories/GHSA-4mgg-fqfq-64hg
RHSA-2024:7052		https://access.redhat.com/errata/RHSA-2024:7052
RHSA-2024:8823		https://access.redhat.com/errata/RHSA-2024:8823
RHSA-2024:8824		https://access.redhat.com/errata/RHSA-2024:8824
RHSA-2024:8826		https://access.redhat.com/errata/RHSA-2024:8826

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41172.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41172

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.38873
EPSS Score	0.00088
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-07-20T00:23:33.745819+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-4mgg-fqfq-64hg/GHSA-4mgg-fqfq-64hg.json	34.0.0rc4