You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2022/12/13 15:16:11 UTC
CVE-2022-46364: Apache CXF SSRF Vulnerability
CVE-2022-46364: Apache CXF SSRF Vulnerability
Severity: important
Description:
A SSRF vulnerability in parsing the href attribute of XOP:Include in
MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows
an attacker to perform SSRF style attacks on webservices that take at
least one parameter of any type.
Credit:
thanat0s from Beijin Qihoo 360 adlab (finder) (finder)
References:
https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-46364