CVE-2019-12406

EPSS 4.13% · P89 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-12406

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large number of message attachments. From the 3.3.4 and 3.2.11 releases, a default limit of 50 message attachments is enforced. This is configurable via the message property "attachment-max-count".

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache CXF 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache CXF是美国阿帕奇（Apache）基金会的一个开源的Web服务框架。该框架支持多种Web服务标准、多种前端编程API等。 Apache CXF 3.3.4之前版本和3.2.11之前版本中存在资源管理错误漏洞，该漏洞源于程序没有限制消息中的附件数。攻击者可借助含有大量附件的消息利用该漏洞造成拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	Apache CXF	Apache CXF versions before 3.3.4 and 3.2.11	-

II. Public POCs for CVE-2019-12406

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-12406

请登录查看更多情报信息。

https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.ascx_refsource_CONFIRM
https://lists.apache.org/thread.html/r92238967ba2783d3ab5a483f2e17f5fdaa8ace98990f69f9e8e15de0%40%3Cissues.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rabc395b38acb7f2465bfbf0bc16d6e1e95720c89bea87abe8808eeea%40%3Cissues.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb2a6dab1f781f55326543c56dc29ea677759439ddfeba920c83037e6%40%3Cissues.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rca465c9d1e1969281338522b76701c85a07abd045c494261137236e0%40%3Cissues.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2019-12406

Same Patch Batch · n/a · 2019-11-06 · 44 CVEs total

CVE-2018-20853		WordPress MailPoet Newsletters 安全漏洞
CVE-2019-5125		LEAD Technologies LEADTOOLS 缓冲区错误漏洞
CVE-2019-5099		LEAD Technologies LEADTOOLS 数字错误漏洞
CVE-2019-5100		LEAD Technologies LEADTOOLS 输入验证错误漏洞
CVE-2014-9014		WordPress WP Marketplace 路径遍历漏洞
CVE-2014-9013		WordPress WP Marketplace 输入验证错误漏洞
CVE-2019-18411		ZOHO ManageEngine ADSelfService Plus 跨站请求伪造漏洞
CVE-2019-16400		Samsung Galaxy S8 plus、Samsung Galaxy S3和Samsung Galaxy Note 2 注入漏洞
CVE-2019-16401		Samsung Galaxy S8 plus、Samsung Galaxy S3和Samsung Galaxy Note 2 信息泄露漏洞
CVE-2009-5046		Eclipse Jetty 跨站脚本漏洞
CVE-2019-5084		LEAD Technologies LEADTOOLS 缓冲区错误漏洞
CVE-2009-5050		Konversation 输入验证错误漏洞
CVE-2011-1298		Google Chrome WebKit 输入验证错误漏洞
CVE-2009-5049		Eclipse Jetty 跨站脚本漏洞
CVE-2009-5048		Eclipse Jetty 跨站脚本漏洞
CVE-2016-1000037		Pagure 跨站脚本漏洞
CVE-2019-6122		NiceHash Miner 信息泄露漏洞
CVE-2019-6121		NiceHash Miner 安全漏洞
CVE-2019-6120		NiceHash Miner 输入验证错误漏洞
CVE-2010-2446		Rbot Reaction 输入验证错误漏洞

Showing top 20 of 44 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: Apache CXF

Same vendor: n/a

V. Comments for CVE-2019-12406

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2019-12406

I. Basic Information for CVE-2019-12406

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-12406

III. Intelligence Information for CVE-2019-12406

Same Patch Batch · n/a · 2019-11-06 · 44 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2019-12406

Leave a comment