Search criteria
130 vulnerabilities found for cxf by apache
FKIE_CVE-2025-48913
Vulnerability from fkie_nvd - Published: 2025-08-08 10:15 - Updated: 2025-11-04 22:16
Severity ?
Summary
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.
Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DBCF1F5-333E-4307-ACC5-928C778200FE",
"versionEndExcluding": "3.6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "326D5496-A8EB-4B4B-B489-CCD4936B6E3A",
"versionEndExcluding": "4.0.9",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "737DD9AE-43EC-4D4E-89C6-C84A3FF1A260",
"versionEndExcluding": "4.1.3",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.\n\nUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."
},
{
"lang": "es",
"value": "Si se permite a usuarios no confiables configurar JMS para Apache CXF, anteriormente pod\u00edan usar URL RMI o LDAP, lo que podr\u00eda generar capacidades de ejecuci\u00f3n de c\u00f3digo. Esta interfaz ahora est\u00e1 restringida para rechazar dichos protocolos, eliminando esta posibilidad. Se recomienda a los usuarios actualizar a las versiones 3.6.8, 4.0.9 o 4.1.3, que solucionan este problema."
}
],
"id": "CVE-2025-48913",
"lastModified": "2025-11-04T22:16:17.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-08-08T10:15:25.663",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/08/07/2"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2025-48795
Vulnerability from fkie_nvd - Published: 2025-07-15 15:15 - Updated: 2025-11-04 22:16
Severity ?
Summary
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.
Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn | Issue Tracking, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/07/15/3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:3.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F973DA8-6DEF-4CFC-9E6C-C0CB0CAA8037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C64A03-4077-4DC5-9287-0ADE3F86D637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "40B91243-304F-425A-BE97-133AC2C4A7C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF72B7F5-406B-419D-8276-7699F540E4CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\n\nUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
},
{
"lang": "es",
"value": "Apache CXF almacena mensajes grandes basados en flujos como archivos temporales en el sistema de archivos local. Se introdujo un error que provoca que el archivo temporal completo se lea en memoria y luego se registre. Un atacante podr\u00eda aprovechar esto para provocar un ataque de denegaci\u00f3n de servicio mediante una excepci\u00f3n de memoria insuficiente. Adem\u00e1s, es posible configurar CXF para cifrar archivos temporales y evitar que las credenciales confidenciales se almacenen en cach\u00e9 sin cifrar en el sistema de archivos local. Sin embargo, este error implica que los archivos en cach\u00e9 se escriben en los registros sin cifrar. Se recomienda actualizar a las versiones 3.5.11, 3.6.6, 4.0.7 o 4.1.1, que solucionan este problema."
}
],
"id": "CVE-2025-48795",
"lastModified": "2025-11-04T22:16:17.490",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-07-15T15:15:24.697",
"references": [
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2025/07/15/3"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@apache.org",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-23184
Vulnerability from fkie_nvd - Published: 2025-01-21 10:15 - Updated: 2025-02-15 01:15
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F551B7C-101F-4859-B2CD-C9F76D7C61F2",
"versionEndExcluding": "3.5.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A581BA3B-93A1-4AED-AAF7-041EFC91EFE7",
"versionEndExcluding": "3.6.5",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3533A0DD-FA20-4427-A9A3-3FAFFF37D5BF",
"versionEndExcluding": "4.0.6",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."
},
{
"lang": "es",
"value": "Hay una posible vulnerabilidad de denegaci\u00f3n de servicio presente en versiones de Apache CXF anteriores a 3.5.10, 3.6.5 y 4.0.6. En algunos casos extremos, es posible que las instancias de CachedOutputStream no se cierren y, si est\u00e1n respaldadas por archivos temporales, pueden llenar el archivo sistema (se aplica a servidores y clientes)."
}
],
"id": "CVE-2025-23184",
"lastModified": "2025-02-15T01:15:11.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "security@apache.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-21T10:15:08.110",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20250214-0003/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-41172
Vulnerability from fkie_nvd - Published: 2024-07-19 09:15 - Updated: 2024-11-21 09:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1",
"versionEndExcluding": "3.6.4",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAFECF5-75A5-4397-A588-F51D09717335",
"versionEndExcluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\n"
},
{
"lang": "es",
"value": "En las versiones de Apache CXF anteriores a 3.6.4 y 4.0.5 (las versiones 3.5.x y inferiores no se ven afectadas), un conducto de cliente HTTP de CXF puede impedir que las instancias de HTTPClient se recopilen como basura y es posible que el consumo de memoria contin\u00fae aumentando eventualmente causando que la aplicaci\u00f3n se quede sin memoria."
}
],
"id": "CVE-2024-41172",
"lastModified": "2024-11-21T09:32:20.520",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T09:15:05.640",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240808-0008/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
FKIE_CVE-2024-32007
Vulnerability from fkie_nvd - Published: 2024-07-19 09:15 - Updated: 2024-11-21 09:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.Â
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0BA29F-721E-4599-A7AC-32DAC5AB44D5",
"versionEndExcluding": "3.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1",
"versionEndExcluding": "3.6.4",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAFECF5-75A5-4397-A588-F51D09717335",
"versionEndExcluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper input validation of the\u00a0p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\u00a0allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\u00a0\n"
},
{
"lang": "es",
"value": " Una validaci\u00f3n de entrada incorrecta del par\u00e1metro p2c en el c\u00f3digo Apache CXF JOSE anterior a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar un ataque de denegaci\u00f3n de servicio especificando un valor grande para este par\u00e1metro en un token."
}
],
"id": "CVE-2024-32007",
"lastModified": "2024-11-21T09:14:20.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T09:15:04.713",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240808-0009/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-29736
Vulnerability from fkie_nvd - Published: 2024-07-19 09:15 - Updated: 2024-11-21 09:08
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BF0BA29F-721E-4599-A7AC-32DAC5AB44D5",
"versionEndExcluding": "3.5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6F6603-DD23-4DD5-8B90-0BAB0EB7E1D1",
"versionEndExcluding": "3.6.4",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACAFECF5-75A5-4397-A588-F51D09717335",
"versionEndExcluding": "4.0.5",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured."
},
{
"lang": "es",
"value": "Una vulnerabilidad SSRF en la descripci\u00f3n del servicio WADL en versiones de Apache CXF anteriores a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar ataques de estilo SSRF en servicios web REST. El ataque s\u00f3lo se aplica si se configura un par\u00e1metro de hoja de estilo personalizado."
}
],
"id": "CVE-2024-29736",
"lastModified": "2024-11-21T09:08:12.057",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-19T09:15:04.003",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241115-0003/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
FKIE_CVE-2024-28752
Vulnerability from fkie_nvd - Published: 2024-03-15 11:15 - Updated: 2025-06-27 15:06
Severity ?
Summary
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | cxf | * | |
| apache | cxf | * | |
| apache | cxf | * | |
| netapp | oncommand_workflow_automation | - | |
| netapp | ontap_tools | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A08750E-6464-4EC2-A3D5-9846EEAA6EC4",
"versionEndExcluding": "3.5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFDD11C-B774-4252-83A6-5892D89477E0",
"versionEndExcluding": "3.6.3",
"versionStartIncluding": "3.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92A087F8-A4A4-4028-9785-3D9D6B22C68F",
"versionEndExcluding": "4.0.4",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*",
"matchCriteriaId": "5333B745-F7A3-46CB-8437-8668DB08CD6F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted."
},
{
"lang": "es",
"value": "Una vulnerabilidad SSRF que utiliza Aegis DataBinding en versiones de Apache CXF anteriores a 4.0.4, 3.6.3 y 3.5.8 permite a un atacante realizar ataques de estilo SSRF en servicios web que toman al menos un par\u00e1metro de cualquier tipo. Los usuarios de otros enlaces de datos (incluido el enlace de datos predeterminado) no se ven afectados."
}
],
"id": "CVE-2024-28752",
"lastModified": "2025-06-27T15:06:40.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-15T11:15:09.220",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-46364
Vulnerability from fkie_nvd - Published: 2022-12-13 17:15 - Updated: 2025-04-22 03:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.Â
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17B5E32D-A436-4C79-BEE9-6A2DB162DC66",
"versionEndExcluding": "3.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11EC4474-4CB6-47CD-9E3D-A998A3C7226C",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0"
},
{
"lang": "es",
"value": "Una vulnerabilidad SSRF al analizar el atributo href de XOP: Incluir en solicitudes MTOM en versiones de Apache CXF anteriores a 3.5.5 y 3.4.10 permite a un atacante realizar ataques de estilo SSRF en servicios web que toman al menos un par\u00e1metro de cualquier tipo."
}
],
"id": "CVE-2022-46364",
"lastModified": "2025-04-22T03:15:20.907",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-13T17:15:17.587",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
FKIE_CVE-2022-46363
Vulnerability from fkie_nvd - Published: 2022-12-13 15:15 - Updated: 2025-04-22 03:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c | Mailing List, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "17B5E32D-A436-4C79-BEE9-6A2DB162DC66",
"versionEndExcluding": "3.4.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11EC4474-4CB6-47CD-9E3D-A998A3C7226C",
"versionEndExcluding": "3.5.5",
"versionStartIncluding": "3.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the\u00a0CXFServlet is configured with both the\u00a0static-resources-list and\u00a0redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\n\n"
},
{
"lang": "es",
"value": "Una vulnerabilidad en Apache CXF anterior a las versiones 3.5.5 y 3.4.10 permite a un atacante realizar un listado de directorio remoto o una filtraci\u00f3n de c\u00f3digo. La vulnerabilidad solo se aplica cuando CXFServlet est\u00e1 configurado con los atributos est\u00e1tico-recursos-lista y redirecci\u00f3n-query-check. Se supone que estos atributos no deben usarse juntos, por lo que la vulnerabilidad solo puede surgir si el servicio CXF est\u00e1 mal configurado."
}
],
"id": "CVE-2022-46363",
"lastModified": "2025-04-22T03:15:20.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-13T15:15:11.677",
"references": [
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@apache.org",
"type": "Primary"
}
]
}
FKIE_CVE-2021-40690
Vulnerability from fkie_nvd - Published: 2021-09-19 18:15 - Updated: 2024-11-21 06:24
Severity ?
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB706AA4-B7E9-4319-A2C0-65B7186507DB",
"versionEndExcluding": "2.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20BABD5C-5813-48B8-BAC9-0F36F381F12A",
"versionEndExcluding": "2.2.3",
"versionStartIncluding": "2.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:cxf:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B927066-A747-4AC3-9E90-BCDB2E0175E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomee:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD205DB8-3CCE-47AE-AD88-A557D31E4B23",
"versionEndExcluding": "8.0.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B4A191-44AE-4C35-9164-19237D2CF013",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A543B4F8-149A-48AB-B388-AB7FA2ECAC18",
"versionEndIncluding": "8.2.3",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3198F822-43F8-4CB3-97F7-C2982FDA5CBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element."
},
{
"lang": "es",
"value": "Todas las versiones de Apache Santuario - XML Security for Java anteriores a 2.2.3 y 2.1.7 son vulnerables a un problema donde la propiedad \"secureValidation\" no es pasada correctamente cuando es creado un KeyInfo a partir de un elemento KeyInfoReference. Esto permite a un atacante abusar de una transformaci\u00f3n XPath para extraer cualquier archivo local .xml en un elemento RetrievalMethod"
}
],
"id": "CVE-2021-40690",
"lastModified": "2024-11-21T06:24:34.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-19T18:15:07.223",
"references": [
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@apache.org",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CVE-2025-48913 (GCVE-0-2025-48913)
Vulnerability from cvelistv5 – Published: 2025-08-08 09:21 – Updated: 2025-11-04 21:11
VLAI?
Summary
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.
Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
4.1.0 , < 4.1.3
(semver)
Affected: 4.0.0 , < 4.0.9 (semver) Affected: 0 , < 3.6.8 (semver) |
Credits
M Bhatt (r34p3r) OWASP GenAI Security Project & Blake Gatto (b1oo) Shrewd Research
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:45.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:08.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/07/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.1.3",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.6.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Bhatt (r34p3r) OWASP GenAI Security Project \u0026 Blake Gatto (b1oo) Shrewd Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."
}
],
"value": "If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.\n\nUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T09:21:22.208Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Untrusted JMS configuration can lead to RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48913",
"datePublished": "2025-08-08T09:21:22.208Z",
"dateReserved": "2025-05-28T10:04:58.340Z",
"dateUpdated": "2025-11-04T21:11:08.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48795 (GCVE-0-2025-48795)
Vulnerability from cvelistv5 – Published: 2025-07-15 14:26 – Updated: 2025-11-04 21:11
VLAI?
Summary
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.
Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.5.10 , < 3.5.11
(semver)
Affected: 3.6.5 , < 3.6.6 (semver) Affected: 4.0.6 , < 4.0.7 (semver) Affected: 4.1.0 , < 4.1.1 (semver) |
Credits
MAUGIN Thomas https://github.com/Thom-x, Qlik
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T20:44:08.849167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T20:44:33.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:06.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/15/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.11",
"status": "affected",
"version": "3.5.10",
"versionType": "semver"
},
{
"lessThan": "3.6.6",
"status": "affected",
"version": "3.6.5",
"versionType": "semver"
},
{
"lessThan": "4.0.7",
"status": "affected",
"version": "4.0.6",
"versionType": "semver"
},
{
"lessThan": "4.1.1",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MAUGIN Thomas https://github.com/Thom-x, Qlik"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
}
],
"value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\n\nUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T14:26:44.758Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Denial of Service and sensitive data exposure in logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48795",
"datePublished": "2025-07-15T14:26:44.758Z",
"dateReserved": "2025-05-26T08:49:17.479Z",
"dateUpdated": "2025-11-04T21:11:06.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23184 (GCVE-0-2025-23184)
Vulnerability from cvelistv5 – Published: 2025-01-21 09:35 – Updated: 2025-02-15 00:10
VLAI?
Summary
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
Severity ?
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.10
(semver)
Affected: 3.6.0 , < 3.6.5 (semver) Affected: 4.0.0 , < 4.0.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-15T00:10:35.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250214-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T15:12:38.751238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:12:47.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u0026nbsp;3.5.10, 3.6.5 and 4.0.6.\u0026nbsp;In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T09:35:37.468Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"source": {
"defect": [
"CXF-7396"
],
"discovery": "EXTERNAL"
},
"title": "Apache CXF: Denial of Service vulnerability with temporary files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-23184",
"datePublished": "2025-01-21T09:35:37.468Z",
"dateReserved": "2025-01-13T10:54:19.489Z",
"dateUpdated": "2025-02-15T00:10:35.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41172 (GCVE-0-2024-41172)
Vulnerability from cvelistv5 – Published: 2024-07-19 08:50 – Updated: 2024-09-13 17:05
VLAI?
Summary
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
Severity ?
No CVSS data available.
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.6.0, 4.0.0 , < 3.6.4, 4.0.5
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "3.6.4",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:58:41.172215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:59:47.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:05:12.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0008/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.6.4, 4.0.5",
"status": "affected",
"version": "3.6.0, 4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\u003cbr\u003e"
}
],
"value": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:43.766Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Unrestricted memory consumption in CXF HTTP clients",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41172",
"datePublished": "2024-07-19T08:50:43.766Z",
"dateReserved": "2024-07-17T13:38:34.414Z",
"dateUpdated": "2024-09-13T17:05:12.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32007 (GCVE-0-2024-32007)
Vulnerability from cvelistv5 – Published: 2024-07-19 08:50 – Updated: 2024-09-13 17:04
VLAI?
Summary
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.Â
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 4.0.5, 3.6.4, 3.5.9
(semver)
|
Credits
Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:00:33.143276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:02:50.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:44.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0009/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.rs.security.jose",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.5, 3.6.4, 3.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation of the\u0026nbsp;p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\u0026nbsp;allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "An improper input validation of the\u00a0p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\u00a0allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\u00a0\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:31.832Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF Denial of Service vulnerability in JOSE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-32007",
"datePublished": "2024-07-19T08:50:31.832Z",
"dateReserved": "2024-04-08T15:34:17.712Z",
"dateUpdated": "2024-09-13T17:04:44.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29736 (GCVE-0-2024-29736)
Vulnerability from cvelistv5 – Published: 2024-07-19 08:50 – Updated: 2024-11-15 13:08
VLAI?
Summary
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.9, 3.6.4, 4.0.5
(semver)
|
Credits
Tobias S. Fink
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:00:28.002828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T16:02:00.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:15.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.9, 3.6.4, 4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias S. Fink"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured."
}
],
"value": "A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:08.265Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: SSRF vulnerability via WADL stylesheet parameter",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29736",
"datePublished": "2024-07-19T08:50:08.265Z",
"dateReserved": "2024-03-19T11:19:47.785Z",
"dateUpdated": "2024-11-15T13:08:15.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28752 (GCVE-0-2024-28752)
Vulnerability from cvelistv5 – Published: 2024-03-15 10:27 – Updated: 2025-02-13 17:47
VLAI?
Summary
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 4.0.4, 3.6.3, 3.5.8
(semver)
|
Credits
Tobias S. Fink
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_workflow_automation",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-20T03:55:33.259328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T13:59:26.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.aegis",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.4, 3.6.3, 3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias S. Fink"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:48.314Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF SSRF Vulnerability using the Aegis databinding",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-28752",
"datePublished": "2024-03-15T10:27:30.083Z",
"dateReserved": "2024-03-08T12:29:39.918Z",
"dateUpdated": "2025-02-13T17:47:30.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46364 (GCVE-0-2022-46364)
Vulnerability from cvelistv5 – Published: 2022-12-13 16:20 – Updated: 2025-04-22 02:48
VLAI?
Summary
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.Â
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.5
(custom)
Affected: 0 , < 3.4.10 (custom) |
Credits
thanat0s from Beijin Qihoo 360 adlab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:48:12.377210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:48:36.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thanat0s from Beijin Qihoo 360 adlab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability in parsing the\u0026nbsp;href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u0026nbsp;"
}
],
"value": "A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T16:20:26.765Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF SSRF Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46364",
"datePublished": "2022-12-13T16:20:26.765Z",
"dateReserved": "2022-12-02T08:07:46.894Z",
"dateUpdated": "2025-04-22T02:48:36.211Z",
"requesterUserId": "cf81350d-439c-4450-9d42-0a054bb6b6c9",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46363 (GCVE-0-2022-46363)
Vulnerability from cvelistv5 – Published: 2022-12-13 14:46 – Updated: 2025-04-22 02:50
VLAI?
Summary
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.5 , < 3.5.5
(maven)
Affected: 3.4 , < 3.4.10 (maven) |
Credits
thanat0s from Beijin Qihoo 360 adlab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:50:18.035706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:50:45.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5",
"versionType": "maven"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "3.4",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thanat0s from Beijin Qihoo 360 adlab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the\u0026nbsp;CXFServlet is configured with both the\u0026nbsp;static-resources-list and\u0026nbsp;redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the\u00a0CXFServlet is configured with both the\u00a0static-resources-list and\u00a0redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T14:48:16.676Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF directory listing / code exfiltration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46363",
"datePublished": "2022-12-13T14:46:55.619Z",
"dateReserved": "2022-12-02T08:07:29.876Z",
"dateUpdated": "2025-04-22T02:50:45.431Z",
"requesterUserId": "cf81350d-439c-4450-9d42-0a054bb6b6c9",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-40690 (GCVE-0-2021-40690)
Vulnerability from cvelistv5 – Published: 2021-09-19 00:00 – Updated: 2024-08-04 02:51
VLAI?
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Santuario |
Affected:
XML Security for Java , < 2.2.3,2.1.7
(custom)
|
Credits
An Trinh, Calif.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Santuario",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.3,2.1.7",
"status": "affected",
"version": "XML Security for Java",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "An Trinh, Calif."
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:19.359156",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass of the secureValidation property",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-40690",
"datePublished": "2021-09-19T00:00:00",
"dateReserved": "2021-09-08T00:00:00",
"dateUpdated": "2024-08-04T02:51:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-48913 (GCVE-0-2025-48913)
Vulnerability from nvd – Published: 2025-08-08 09:21 – Updated: 2025-11-04 21:11
VLAI?
Summary
If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.
Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
4.1.0 , < 4.1.3
(semver)
Affected: 4.0.0 , < 4.0.9 (semver) Affected: 0 , < 3.6.8 (semver) |
Credits
M Bhatt (r34p3r) OWASP GenAI Security Project & Blake Gatto (b1oo) Shrewd Research
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T15:03:45.098Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:08.194Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/07/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.1.3",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
},
{
"lessThan": "4.0.9",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
},
{
"lessThan": "3.6.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "M Bhatt (r34p3r) OWASP GenAI Security Project \u0026 Blake Gatto (b1oo) Shrewd Research"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."
}
],
"value": "If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility.\n\nUsers are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T09:21:22.208Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Untrusted JMS configuration can lead to RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48913",
"datePublished": "2025-08-08T09:21:22.208Z",
"dateReserved": "2025-05-28T10:04:58.340Z",
"dateUpdated": "2025-11-04T21:11:08.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-48795 (GCVE-0-2025-48795)
Vulnerability from nvd – Published: 2025-07-15 14:26 – Updated: 2025-11-04 21:11
VLAI?
Summary
Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.
Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.5.10 , < 3.5.11
(semver)
Affected: 3.6.5 , < 3.6.6 (semver) Affected: 4.0.6 , < 4.0.7 (semver) Affected: 4.1.0 , < 4.1.1 (semver) |
Credits
MAUGIN Thomas https://github.com/Thom-x, Qlik
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48795",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T20:44:08.849167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T20:44:33.127Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:11:06.901Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/15/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.11",
"status": "affected",
"version": "3.5.10",
"versionType": "semver"
},
{
"lessThan": "3.6.6",
"status": "affected",
"version": "3.6.5",
"versionType": "semver"
},
{
"lessThan": "4.0.7",
"status": "affected",
"version": "4.0.6",
"versionType": "semver"
},
{
"lessThan": "4.1.1",
"status": "affected",
"version": "4.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "MAUGIN Thomas https://github.com/Thom-x, Qlik"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
}
],
"value": "Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.\n\nUsers are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T14:26:44.758Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vo5qv02mvv5plmb6z2xf1ktjmrpv3jmn"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Denial of Service and sensitive data exposure in logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48795",
"datePublished": "2025-07-15T14:26:44.758Z",
"dateReserved": "2025-05-26T08:49:17.479Z",
"dateUpdated": "2025-11-04T21:11:06.901Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-23184 (GCVE-0-2025-23184)
Vulnerability from nvd – Published: 2025-01-21 09:35 – Updated: 2025-02-15 00:10
VLAI?
Summary
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
Severity ?
5.9 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.10
(semver)
Affected: 3.6.0 , < 3.6.5 (semver) Affected: 4.0.0 , < 4.0.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-02-15T00:10:35.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250214-0003/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-23184",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T15:12:38.751238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T15:12:47.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.5",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "4.0.6",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u0026nbsp;3.5.10, 3.6.5 and 4.0.6.\u0026nbsp;In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A potential denial of service vulnerability is present in versions of Apache CXF before\u00a03.5.10, 3.6.5 and 4.0.6.\u00a0In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T09:35:37.468Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"source": {
"defect": [
"CXF-7396"
],
"discovery": "EXTERNAL"
},
"title": "Apache CXF: Denial of Service vulnerability with temporary files",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-23184",
"datePublished": "2025-01-21T09:35:37.468Z",
"dateReserved": "2025-01-13T10:54:19.489Z",
"dateUpdated": "2025-02-15T00:10:35.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41172 (GCVE-0-2024-41172)
Vulnerability from nvd – Published: 2024-07-19 08:50 – Updated: 2024-09-13 17:05
VLAI?
Summary
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory
Severity ?
No CVSS data available.
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.6.0, 4.0.0 , < 3.6.4, 4.0.5
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "3.6.4",
"status": "affected",
"version": "3.6.0",
"versionType": "semver"
},
{
"lessThan": "4.0.5",
"status": "affected",
"version": "4.0.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-41172",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T17:58:41.172215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:59:47.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:05:12.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0008/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.6.4, 4.0.5",
"status": "affected",
"version": "3.6.0, 4.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\u003cbr\u003e"
}
],
"value": "In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:43.766Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: Unrestricted memory consumption in CXF HTTP clients",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-41172",
"datePublished": "2024-07-19T08:50:43.766Z",
"dateReserved": "2024-07-17T13:38:34.414Z",
"dateUpdated": "2024-09-13T17:05:12.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-32007 (GCVE-0-2024-32007)
Vulnerability from nvd – Published: 2024-07-19 08:50 – Updated: 2024-09-13 17:04
VLAI?
Summary
An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.Â
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 4.0.5, 3.6.4, 3.5.9
(semver)
|
Credits
Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-32007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T17:00:33.143276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T17:02:50.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:04:44.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240808-0009/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.rs.security.jose",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.5, 3.6.4, 3.5.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An improper input validation of the\u0026nbsp;p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\u0026nbsp;allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\u0026nbsp;\u003cbr\u003e"
}
],
"value": "An improper input validation of the\u00a0p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9\u00a0allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.\u00a0\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:31.832Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/stwrgsr1llb73nkl16klv9vjqgmmx633"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF Denial of Service vulnerability in JOSE",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-32007",
"datePublished": "2024-07-19T08:50:31.832Z",
"dateReserved": "2024-04-08T15:34:17.712Z",
"dateUpdated": "2024-09-13T17:04:44.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29736 (GCVE-0-2024-29736)
Vulnerability from nvd – Published: 2024-07-19 08:50 – Updated: 2024-11-15 13:08
VLAI?
Summary
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.9, 3.6.4, 4.0.5
(semver)
|
Credits
Tobias S. Fink
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.0.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T16:00:28.002828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T16:02:00.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-11-15T13:08:15.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/18/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241115-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.9, 3.6.4, 4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias S. Fink"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured."
}
],
"value": "A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T08:50:08.265Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Apache CXF: SSRF vulnerability via WADL stylesheet parameter",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-29736",
"datePublished": "2024-07-19T08:50:08.265Z",
"dateReserved": "2024-03-19T11:19:47.785Z",
"dateUpdated": "2024-11-15T13:08:15.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28752 (GCVE-0-2024-28752)
Vulnerability from nvd – Published: 2024-03-15 10:27 – Updated: 2025-02-13 17:47
VLAI?
Summary
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 4.0.4, 3.6.3, 3.5.8
(semver)
|
Credits
Tobias S. Fink
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "oncommand_workflow_automation",
"vendor": "netapp",
"versions": [
{
"status": "affected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "cxf",
"vendor": "apache",
"versions": [
{
"lessThan": "4.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.6.3",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28752",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-20T03:55:33.259328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-22T13:59:26.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:58.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.aegis",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.4, 3.6.3, 3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tobias S. Fink"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T16:13:48.314Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/14/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240517-0001/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF SSRF Vulnerability using the Aegis databinding",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-28752",
"datePublished": "2024-03-15T10:27:30.083Z",
"dateReserved": "2024-03-08T12:29:39.918Z",
"dateUpdated": "2025-02-13T17:47:30.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46364 (GCVE-0-2022-46364)
Vulnerability from nvd – Published: 2022-12-13 16:20 – Updated: 2025-04-22 02:48
VLAI?
Summary
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.Â
Severity ?
No CVSS data available.
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
0 , < 3.5.5
(custom)
Affected: 0 , < 3.4.10 (custom) |
Credits
thanat0s from Beijin Qihoo 360 adlab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46364",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:48:12.377210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:48:36.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thanat0s from Beijin Qihoo 360 adlab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A SSRF vulnerability in parsing the\u0026nbsp;href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u0026nbsp;"
}
],
"value": "A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0"
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T16:20:26.765Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF SSRF Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46364",
"datePublished": "2022-12-13T16:20:26.765Z",
"dateReserved": "2022-12-02T08:07:46.894Z",
"dateUpdated": "2025-04-22T02:48:36.211Z",
"requesterUserId": "cf81350d-439c-4450-9d42-0a054bb6b6c9",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46363 (GCVE-0-2022-46363)
Vulnerability from nvd – Published: 2022-12-13 14:46 – Updated: 2025-04-22 02:50
VLAI?
Summary
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache CXF |
Affected:
3.5 , < 3.5.5
(maven)
Affected: 3.4 , < 3.4.10 (maven) |
Credits
thanat0s from Beijin Qihoo 360 adlab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:45.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-46363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T02:50:18.035706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T02:50:45.431Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.5",
"status": "affected",
"version": "3.5",
"versionType": "maven"
},
{
"lessThan": "3.4.10",
"status": "affected",
"version": "3.4",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "thanat0s from Beijin Qihoo 360 adlab"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the\u0026nbsp;CXFServlet is configured with both the\u0026nbsp;static-resources-list and\u0026nbsp;redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the\u00a0CXFServlet is configured with both the\u00a0static-resources-list and\u00a0redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T14:48:16.676Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache CXF directory listing / code exfiltration",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2022-46363",
"datePublished": "2022-12-13T14:46:55.619Z",
"dateReserved": "2022-12-02T08:07:29.876Z",
"dateUpdated": "2025-04-22T02:50:45.431Z",
"requesterUserId": "cf81350d-439c-4450-9d42-0a054bb6b6c9",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202004-0983
Vulnerability from variot - Updated: 2024-07-23 20:25Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF There is an information leakage vulnerability in.Information may be obtained. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on.
The References section of this erratum contains a download link (you must log in to download the update).
The JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 Advisory ID: RHSA-2020:4245-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:4245 Issue date: 2020-10-13 CVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338 CVE-2020-14340 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64
- Description:
Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
-
picketbox: JBoss EAP reload to admin-only mode allows authentication bypass (CVE-2020-14299)
-
wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl (CVE-2020-14338)
-
xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS (CVE-2020-14340)
-
cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass 1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl 1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
- JIRA issues fixed (https://issues.jboss.org/):
JBEAP-19379 - GSS Upgrade Hibernate ORM from 5.3.17 to 5.3.18 JBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8 JBEAP-19596 - GSS CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled 'Application Realm' JBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder JBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation JBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final JBEAP-19695 - GSS Upgrade Apache CXF from 3.3.5 to 3.3.7 JBEAP-19698 - GSS Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... JBEAP-19700 - GSS Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001 JBEAP-19701 - GSS Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001 JBEAP-19715 - GSS Upgrade Artemis Native to 1.0.2 JBEAP-19746 - GSS Upgrade JBoss Log Manager from 2.1.15 to 2.1.17 JBEAP-19789 - GSS Upgrade Narayana from 5.9.8.Final to 5.9.9.Final JBEAP-19791 - GSS Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001 JBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001 JBEAP-19796 - GSS Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011 JBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1 JBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23 JBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65 JBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14 JBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10 JBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26 JBEAP-19938 - (7.3.z) Upgrade velocity to 2.2 JBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12 JBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13 JBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final JBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5 JBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade JBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013 JBEAP-20037 - GSS Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001 JBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap JBEAP-20087 - GSS WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling) JBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1
- Package List:
Red Hat JBoss EAP 7.3 for BaseOS-8:
Source: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm eap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm
noarch: eap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm eap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm eap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm eap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm eap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm eap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm eap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm eap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm eap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm eap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm eap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm eap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm eap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm
x86_64: eap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm eap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-1954 https://access.redhat.com/security/cve/CVE-2020-14299 https://access.redhat.com/security/cve/CVE-2020-14338 https://access.redhat.com/security/cve/CVE-2020-14340 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM 7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8 Fb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ berY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh OQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA UUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi FBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru yXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/ UrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto ducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf zMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a PGc+57G5XO4=OgA5 -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Summary:
This is a security update for JBoss EAP Continuous Delivery 20. Description:
Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.
Security Fix(es):
-
hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
-
batik: SSRF via "xlink:href" (CVE-2019-17566)
-
Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
-
ant: insecure temporary file vulnerability (CVE-2020-1945)
-
dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)
-
hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)
-
wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
-
cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)
-
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)
-
mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)
-
mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM 1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser 1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages 1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain 1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack 1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication 1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability 1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" 1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete 1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS
- Description:
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-0983",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications element manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications session route manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2.1.0"
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "communications diameter signaling router",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications diameter signaling router",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.0"
},
{
"model": "cxf",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "3.3.0"
},
{
"model": "communications session report manager",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "communications element manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "cxf",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.2.13"
},
{
"model": "communications session report manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications session route manager",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.0"
},
{
"model": "cxf",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "3.3.6"
},
{
"model": "snapmanager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications diameter signaling router idih\\:",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.2.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.56"
},
{
"model": "cxf",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "ops center common services",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(\u6d77\u5916\u8ca9\u58f2\u306e\u307f)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.3.6",
"versionStartIncluding": "3.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.2.13",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
}
],
"trust": 0.7
},
"cve": "CVE-2020-1954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-003650",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-172928",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-1954",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-003650",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-1954",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-003650",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULHUB",
"id": "VHN-172928",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-1954",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. Apache CXF There is an information leakage vulnerability in.Information may be obtained. Apache CXF is an open source Web service framework of the Apache Software Foundation. The framework supports a variety of Web service standards, a variety of front-end programming API and so on. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\nThe JBoss server process must be restarted for the update to take effect. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8\nAdvisory ID: RHSA-2020:4245-01\nProduct: Red Hat JBoss Enterprise Application Platform\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4245\nIssue date: 2020-10-13\nCVE Names: CVE-2020-1954 CVE-2020-14299 CVE-2020-14338\n CVE-2020-14340\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Enterprise Application\nPlatform 7.3 for RHEL 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Enterprise Application Platform 7 is a platform for Java\napplications based on the WildFly application runtime. \n\nThis release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves\nas a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2\nand includes bug fixes and enhancements. See the Red Hat JBoss Enterprise\nApplication Platform 7.3.3 Release Notes for information about the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity Fix(es):\n\n* picketbox: JBoss EAP reload to admin-only mode allows authentication\nbypass (CVE-2020-14299)\n\n* wildfly: XML validation manipulation due to incomplete application of\nuse-grammar-pool-only in xercesImpl (CVE-2020-14338)\n\n* xnio: file descriptor leak caused by growing amounts of NIO Selector file\nhandles may lead to DoS (CVE-2020-14340)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, back up your existing Red Hat JBoss Enterprise\nApplication Platform installation and deployed applications. \n\nFor details about how to apply this update, see:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1848533 - CVE-2020-14299 picketbox: JBoss EAP reload to admin-only mode allows authentication bypass\n1860054 - CVE-2020-14338 wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl\n1860218 - CVE-2020-14340 xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJBEAP-19379 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.17 to 5.3.18\nJBEAP-19444 - Tracker bug for the EAP 7.3.3 release for RHEL-8\nJBEAP-19596 - [GSS](7.3.z) CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled \u0027Application Realm\u0027\nJBEAP-19613 - (7.3.z) ELY-1975 - Update AcmeClientSpi#obtainCertificate so that it obtains the order URL from the response to newOrder\nJBEAP-19615 - (7.3.z) ELY-1968 - Update error message returned by AcmeClientSpi#getLocation\nJBEAP-19642 - (7.3.z) Upgrade jberet-core from 1.3.5.Final to 1.3.7.Final\nJBEAP-19695 - [GSS](7.3.z) Upgrade Apache CXF from 3.3.5 to 3.3.7\nJBEAP-19698 - [GSS](7.3.z) Upgrade Invocation from 1.5.2.Final-redhat-00001 to 1.5.3.Final... \nJBEAP-19700 - [GSS](7.3.z) Upgrade Migration Tool from 1.7.1-redhat-00003 to 1.7.2-redhat-00001\nJBEAP-19701 - [GSS](7.3.z) Upgrade jgroups from 4.1.4.Final-redhat-00001 to 4.1.10.Final-redhat-00001\nJBEAP-19715 - [GSS](7.3.z) Upgrade Artemis Native to 1.0.2\nJBEAP-19746 - [GSS](7.3.z) Upgrade JBoss Log Manager from 2.1.15 to 2.1.17\nJBEAP-19789 - [GSS](7.3.z) Upgrade Narayana from 5.9.8.Final to 5.9.9.Final\nJBEAP-19791 - [GSS](7.3.z) Upgrade HAL from 3.2.9.Final-redhat-00001 to 3.2.10.Final-redhat-00001\nJBEAP-19795 - (7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP11-redhat-00001 to 2.3.9.SP12-redhat-00001\nJBEAP-19796 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00010 to 2.9.0.redhat-00011\nJBEAP-19822 - (7.3.z) Upgrade MP fault-tolerance to 2.1.1\nJBEAP-19888 - (7.3.z) Upgrade SmallRye OpenAPI to 1.1.23\nJBEAP-19934 - (7.3.z) Upgrade bouncycastle to 1.65\nJBEAP-19935 - (7.3.z) Upgrade commons-codec to 1.14\nJBEAP-19936 - (7.3.z) Upgrade commons-lang3 from 3.9 to 3.10\nJBEAP-19937 - (7.3.z) Upgrade snakeyaml to 1.26\nJBEAP-19938 - (7.3.z) Upgrade velocity to 2.2\nJBEAP-19939 - (7.3.z) Upgrade httpcomponents httpclient from 4.5.4 to 4.5.12\nJBEAP-19940 - (7.3.z) Upgrade httpcomponents httpcore from 4.4.5 to 4.4.13\nJBEAP-19942 - (7.3.z) Upgrade XNIO from 3.7.8.SP1 to 3.7.9.Final\nJBEAP-19955 - (7.3.z) Update xmlschema to 2.2.5\nJBEAP-19965 - (7.3.z) Fix PreservePathTestCase after httpclient upgrade\nJBEAP-20027 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00012 to 2.5.5.SP12-redhat-00013\nJBEAP-20037 - [GSS](7.3.z) Upgrade wildfly-transaction-client from 1.1.11.Final-redhat-00001 to 1.1.13.Final-redhat-00001\nJBEAP-20064 - (7.3.z) Update PR template to include PR-processor hints for wildfly-core-eap\nJBEAP-20087 - [GSS](7.3.z) WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling)\nJBEAP-20112 - (7.3.z) Upgrade smallrye-fault-tolerance to 4.2.1\n\n7. Package List:\n\nRed Hat JBoss EAP 7.3 for BaseOS-8:\n\nSource:\neap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.src.rpm\neap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.src.rpm\neap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.src.rpm\neap7-artemis-native-1.0.2-3.redhat_1.el8eap.src.rpm\neap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.src.rpm\neap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.src.rpm\neap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.src.rpm\neap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.src.rpm\neap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.src.rpm\neap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.src.rpm\neap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.src.rpm\neap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.src.rpm\neap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.src.rpm\neap7-velocity-2.2.0-1.redhat_00001.1.el8eap.src.rpm\neap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.src.rpm\neap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.src.rpm\neap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.src.rpm\neap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.src.rpm\n\nnoarch:\neap7-activemq-artemis-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-cli-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-commons-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-core-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-dto-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-hornetq-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-hqclient-protocol-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jdbc-store-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-client-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-jms-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-journal-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-native-1.0.2-1.redhat_00001.1.el8eap.noarch.rpm\neap7-activemq-artemis-ra-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-selector-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-server-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-service-extensions-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-activemq-artemis-tools-2.9.0-5.redhat_00011.1.el8eap.noarch.rpm\neap7-apache-commons-codec-1.14.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-commons-lang-3.10.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-rt-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-services-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-apache-cxf-tools-3.3.7-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-mail-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-pkix-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-bouncycastle-prov-1.65.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-glassfish-jsf-2.3.9-11.SP12_redhat_00001.1.el8eap.noarch.rpm\neap7-hal-console-3.2.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-core-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-entitymanager-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-envers-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-hibernate-java8-5.3.18-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-httpcomponents-client-4.5.12-1.redhat_00001.1.el8eap.noarch.rpm\neap7-httpcomponents-core-4.4.13-1.redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jberet-core-1.3.7-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-invocation-1.5.3-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-logmanager-2.1.17-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jboss-server-migration-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-cli-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-core-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap6.4-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.2-to-eap7.3-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-eap7.3-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly10.1-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly11.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly12.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly13.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly14.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly15.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly16.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly17.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly18.0-server-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly8.2-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-server-migration-wildfly9.0-1.7.2-2.Final_redhat_00002.1.el8eap.noarch.rpm\neap7-jboss-xnio-base-3.7.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-jgroups-4.1.10-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-compensations-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbosstxbridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jbossxts-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-idlj-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-jts-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-api-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-bridge-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-integration-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-restat-util-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-narayana-txframework-5.9.9-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-picketbox-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm\neap7-picketbox-infinispan-5.0.3-8.Final_redhat_00007.1.el8eap.noarch.rpm\neap7-picketlink-bindings-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm\neap7-picketlink-wildfly8-2.5.5-25.SP12_redhat_00013.1.el8eap.noarch.rpm\neap7-snakeyaml-1.26.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-undertow-2.0.31-1.SP1_redhat_00001.1.el8eap.noarch.rpm\neap7-velocity-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-velocity-engine-core-2.2.0-1.redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-elytron-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-elytron-tool-1.10.8-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-wildfly-javadocs-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-modules-7.3.3-4.GA_redhat_00004.1.el8eap.noarch.rpm\neap7-wildfly-transaction-client-1.1.13-1.Final_redhat_00001.1.el8eap.noarch.rpm\neap7-ws-commons-XmlSchema-2.2.5-1.redhat_00001.1.el8eap.noarch.rpm\neap7-xerces-j2-2.12.0-2.SP03_redhat_00001.1.el8eap.noarch.rpm\n\nx86_64:\neap7-artemis-native-1.0.2-3.redhat_1.el8eap.x86_64.rpm\neap7-artemis-native-wildfly-1.0.2-3.redhat_1.el8eap.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-1954\nhttps://access.redhat.com/security/cve/CVE-2020-14299\nhttps://access.redhat.com/security/cve/CVE-2020-14338\nhttps://access.redhat.com/security/cve/CVE-2020-14340\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/\nhttps://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX4XdnNzjgjWX9erEAQiXuw//R4g+s6n+rk7hCp48kUecgr/5ci5EP6UM\n7BsPN7sPZcLyYiZZsP+/6hHbB/dkfUyL8zJMQBQHHcwjhFkI9diYjraI2/K2BTo8\nFb/JEJoCmDs88/LUUpMebq7SSulBWhtfKYwCCOGy6pCpRAka99nzFXGr1y4H1ozJ\nberY8tq9PVJLJyuKGyoK+06fENIV2b/Oir68lSGrTMJVQeqb9TclI1pRIZ/8iZNh\nOQOnXk85y81YrQTlynAlBnlMCtSNEFMBUi5b25Q30ZNxMaegYyezvlgs790hLZQA\nUUfjAdFsk341kK0uop93y9MnDT1qUiYNG1rJ5DBB0jzyq7zQk2GxwBYg3mhItMhi\nFBZ6oeePwEEq4Bxpd1vERDQQW+zCpd0jLJ4nvU1wFIQZK7eSBk6Lz4ws2XUHmuru\nyXCcJZWqkXzQwhYMSq3y1fVcTAl6HcWxoBuX1TU9AmZWKcUlHN9Lo6BF4fMEhXH/\nUrQNC+mOnCAjJrD1sGyPlozMnZnu96fVMURTDdz4J9aN1JU1t0fb2MgD3X3VZWto\nducjlQPeNTI1+elmaBxAS8A7a+UaN63QgjeCQfzjEky89Jvfv/Ra6i5R5x8LrrQf\nzMn1XyxOAefzehiV8SR801W8dE7D7RlF5y/TH0ciA/CIzUSNAbb4tDlGcSDPig+a\nPGc+57G5XO4=OgA5\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. Summary:\n\nThis is a security update for JBoss EAP Continuous Delivery 20. Description:\n\nRed Hat Decision Manager is an open source decision management platform\nthat combines business rules management, complex event processing, Decision\nModel \u0026 Notation (DMN) execution, and Business Optimizer for solving\nplanning problems. It automates business decisions and makes that logic\navailable to the entire business. \n\nSecurity Fix(es):\n\n* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)\n\n* batik: SSRF via \"xlink:href\" (CVE-2019-17566)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when\nusing alternative protection domain (CVE-2020-1748)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* dom4j: XML External Entity vulnerability in default SAX parser\n(CVE-2020-10683)\n\n* hibernate-validator: Improper input validation in the interpolation of\nconstraint error messages (CVE-2020-10693)\n\n* wildfly-elytron: session fixation when using FORM authentication\n(CVE-2020-10714)\n\n* cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)\n\n* mysql-connector-java: allows unauthenticated attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized update, insert or delete (CVE-2020-2875)\n\n* mysql-connector-java: allows high privileged attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized partial DoS (CVE-2020-2933)\n\n* mysql-connector-java: allows unauthenticated attacker with network access\nvia multiple protocols to compromise MySQL Connectors which could result in\nunauthorized update, insert or delete (CVE-2020-2934)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM\n1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser\n1805501 - CVE-2020-10693 hibernate-validator: Improper input validation in the interpolation of constraint error messages\n1807707 - CVE-2020-1748 Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain\n1824301 - CVE-2020-1954 cxf: JMX integration is vulnerable to a MITM attack\n1825714 - CVE-2020-10714 wildfly-elytron: session fixation when using FORM authentication\n1837444 - CVE-2020-1945 ant: insecure temporary file vulnerability\n1848617 - CVE-2019-17566 batik: SSRF via \"xlink:href\"\n1851014 - CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851019 - CVE-2020-2875 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete\n1851022 - CVE-2020-2933 mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS\n\n5. Description:\n\nRed Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak\nproject, that provides authentication and standards-based single sign-on\ncapabilities for web and mobile applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-1954",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159540",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159015",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159539",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159921",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159899",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159924",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159538",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159541",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-29873",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-202004-049",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-172928",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-1954",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"id": "VAR-202004-0983",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
}
],
"trust": 0.01
},
"last_update_date": "2024-07-23T20:25:59.004000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CVE-2020-1954: Apache CXF JMX Integration is vulnerable to a MITM attack",
"trust": 0.8,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026modificationdate=1585730169000\u0026api=v2"
},
{
"title": "hitachi-sec-2020-125",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-125/index.html"
},
{
"title": "hitachi-sec-2020-125",
"trust": 0.8,
"url": "https://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hitachi-sec-2020-125/index.html"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204244 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204247 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204246 - security advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204245 - security advisory"
},
{
"title": "Red Hat: Important: EAP Continuous Delivery Technical Preview Release 20 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203585 - security advisory"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Common Services",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2020-125"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1954"
},
{
"trust": 1.2,
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
},
{
"trust": 1.1,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026modificationdate=1585730169000\u0026api=v2"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1954"
},
{
"trust": 0.7,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2020-1954"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14299"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14299"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14338"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14338"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-14340"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14340"
},
{
"trust": 0.3,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14900"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10714"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-10683"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-14900"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/errata/rhsa-2020:4244"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2019-17566"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1945"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2875"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-2934"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-2933"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-10693"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1748"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-1748"
},
{
"trust": 0.1,
"url": "http://cxf.apache.org/security-advisories.data/cve-2020-1954.txt.asc?version=1\u0026amp;modificationdate=1585730169000\u0026amp;api=v2"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3ccommits.cxf.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/178938"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4961"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhpam\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=appplatform\u0026downloadtype=securitypatches\u0026version=7.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4247"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4245"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:3585"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product\\xeap-cd\u0026version"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-1719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10705"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6950"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10740"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-11612"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform_continuous_delivery/20/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14371"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10673"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=rhdm\u0026version=7.9.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_decision_manager/7.9/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4960"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4931"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.4/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14389"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-10776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=core.service.rhsso\u0026downloadtype=securitypatches\u0026version=7.4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-10776"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14389"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-172928"
},
{
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"db": "PACKETSTORM",
"id": "159539"
},
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159540"
},
{
"db": "PACKETSTORM",
"id": "159538"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
},
{
"db": "PACKETSTORM",
"id": "159899"
},
{
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-01T00:00:00",
"db": "VULHUB",
"id": "VHN-172928"
},
{
"date": "2020-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"date": "2020-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"date": "2020-10-13T20:24:30",
"db": "PACKETSTORM",
"id": "159539"
},
{
"date": "2020-11-06T15:18:46",
"db": "PACKETSTORM",
"id": "159924"
},
{
"date": "2020-10-13T20:24:41",
"db": "PACKETSTORM",
"id": "159540"
},
{
"date": "2020-10-13T20:24:21",
"db": "PACKETSTORM",
"id": "159538"
},
{
"date": "2020-08-31T16:22:15",
"db": "PACKETSTORM",
"id": "159015"
},
{
"date": "2020-11-06T15:06:03",
"db": "PACKETSTORM",
"id": "159921"
},
{
"date": "2020-11-05T16:59:52",
"db": "PACKETSTORM",
"id": "159899"
},
{
"date": "2020-04-01T21:15:14.597000",
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-172928"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-1954"
},
{
"date": "2020-08-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-003650"
},
{
"date": "2023-11-07T03:19:38.010000",
"db": "NVD",
"id": "CVE-2020-1954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache CXF Vulnerability regarding information leakage in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-003650"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "159924"
},
{
"db": "PACKETSTORM",
"id": "159015"
},
{
"db": "PACKETSTORM",
"id": "159921"
}
],
"trust": 0.3
}
}