The Ibis Adapter Framework is an easy to use, stateless integration framework which allows (transactional) messages to be modified and exchanged between different systems.
Apache License 2.0
0
stars
0
forks
source link
CVE-2022-46363 (High) detected in cxf-rt-transports-http-3.4.4.jar #55
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
CVE-2022-46363 - High Severity Vulnerability
Vulnerable Library - cxf-rt-transports-http-3.4.4.jar
Apache CXF Runtime HTTP Transport
Library home page: https://cxf.apache.org
Dependency Hierarchy: - :x: **cxf-rt-transports-http-3.4.4.jar** (Vulnerable Library)
Found in base branch: master
Vulnerability Details
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Publish Date: 2022-12-13
URL: CVE-2022-46363
CVSS 3 Score Details (7.5)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: None
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Release Date: 2022-12-13
Fix Resolution: 3.4.10
Step up your Open Source Security Game with Mend here