In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat jboss Enterprise Application Platform
|
|
CPEs | cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9 |
|
Vendors & Products |
Redhat jboss Enterprise Application Platform
|
Wed, 30 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-770 | |
Metrics |
ssvc
|
Wed, 16 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Connect2id
Connect2id nimbus Jose\+jwt |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:* | |
Vendors & Products |
Connect2id
Connect2id nimbus Jose\+jwt |
Tue, 15 Oct 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:4.4.3 |
Thu, 19 Sep 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat apache Camel Spring Boot |
|
CPEs | cpe:/a:redhat:apache_camel_spring_boot:3.20.7 | |
Vendors & Products |
Redhat
Redhat apache Camel Spring Boot |
Fri, 06 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | nimbus-jose-jwt: large JWE p2c header value causes Denial of Service | |
Weaknesses | CWE-400 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-11T00:00:00
Updated: 2024-10-30T19:50:55.784Z
Reserved: 2024-02-11T00:00:00
Link: CVE-2023-52428
Vulnrichment
Updated: 2024-08-02T22:55:41.674Z
NVD
Status : Modified
Published: 2024-02-11T05:15:08.383
Modified: 2024-11-21T08:39:43.963
Link: CVE-2023-52428
Redhat