[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2022-46364: Apache CXF SSRF Vulnerability
From: Colm O hEigeartaigh <coheigea () apache ! org>
Date: 2022-12-13 15:17:08
Message-ID: CAB8XdGBFtQ+=vXfezFEJLUBHzOd16gvdBiQn+6KC5K30f6d5Eg () mail ! gmail ! com
[Download RAW message or body]
CVE-2022-46364: Apache CXF SSRF Vulnerability
Severity: important
Description:
A SSRF vulnerability in parsing the href attribute of XOP:Include in
MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows
an attacker to perform SSRF style attacks on webservices that take at
least one parameter of any type.
Credit:
thanat0s from Beijin Qihoo 360 adlab (finder) (finder)
References:
https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-46364
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic