Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Dec 2022 15:17:08 +0000
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2022-46364: Apache CXF SSRF Vulnerability

CVE-2022-46364: Apache CXF SSRF Vulnerability

Severity: important

Description:

A SSRF vulnerability in parsing the href attribute of XOP:Include in
MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows
an attacker to perform SSRF style attacks on webservices that take at
least one parameter of any type.

Credit:

thanat0s from Beijin Qihoo 360 adlab (finder) (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-46364

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.