Description
A server-side request forgery (SSRF) vulnerability in the parsing of the href attribute of XOP:Include in MTOM requests, in versions of Apache CXF before 3.5.5 and 3.4.10, allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
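A defensive check for the condition described above, as an added example that is not from Apache CXF or the advisory: it parses an MTOM message and reports any XOP:Include href that is not a cid: reference to a part of the same message, the only form the XOP specification permits. The function names, the constructed sample message and the assumption that the first MIME part is the SOAP root are illustrative.

```python
import xml.etree.ElementTree as ET
from email import message_from_bytes
from urllib.parse import unquote

XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"
CT = 'multipart/related; type="application/xop+xml"; boundary="b1"'  # constructed

def audit_mtom(content_type: str, body: bytes) -> list[str]:
    """Report XOP:Include hrefs that are not cid: references to a part of this message."""
    msg = message_from_bytes(b"Content-Type: " + content_type.encode() + b"\n\n" + body)
    if not msg.is_multipart() or not msg.get_payload():
        return ["not a multipart message"]
    parts = msg.get_payload()
    content_ids = {p.get("Content-ID", "").strip().strip("<>") for p in parts}
    content_ids.discard("")  # parts without a Content-ID cannot be referenced
    # Assumption: the first MIME part is the SOAP root (no "start" parameter handling).
    root_xml = parts[0].get_payload(decode=True)
    if b"<!DOCTYPE" in root_xml.upper():
        return ["DOCTYPE in SOAP envelope"]  # SOAP forbids DTDs; refuse to parse
    try:
        envelope = ET.fromstring(root_xml)
    except ET.ParseError:
        return ["malformed SOAP envelope"]
    findings = []
    for inc in envelope.iter(XOP_INCLUDE):
        href = (inc.get("href") or "").strip()
        if not href.lower().startswith("cid:"):
            findings.append(f"non-cid href: {href!r}")
        elif unquote(href[4:]) not in content_ids:
            findings.append(f"cid with no matching part: {href!r}")
    return findings

def sample(href: str) -> bytes:
    """Constructed two-part MTOM body for testing; not captured traffic."""
    env = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
           '<s:Body><upload><data><xop:Include '
           'xmlns:xop="http://www.w3.org/2004/08/xop/include" '
           f'href="{href}"/></data></upload></s:Body></s:Envelope>')
    return ("--b1\nContent-Type: application/xop+xml\n"
            "Content-ID: <root@example.invalid>\n\n"
            f"{env}\n--b1\nContent-Type: application/octet-stream\n"
            "Content-ID: <att1@example.invalid>\n\nhello\n--b1--\n").encode()

if __name__ == "__main__":
    for h in ("cid:att1@example.invalid", "https://example.invalid/resource"):
        print(h, "->", audit_mtom(CT, sample(h)))
```

A check like this can run at a gateway or in a request filter in front of a service that has not yet been upgraded; it complements the fixed releases and does not replace them.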
Remediation
Upgrade Apache CXF to 3.5.5 or 3.4.10; the description lists versions before these as affected.
References
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
Related Vulnerabilities
CVE-2021-21691 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-24454 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater
CVE-2019-16556 Vulnerability in maven package org.jenkins-ci.plugins:rundeck
CVE-2017-12624 Vulnerability in maven package org.apache.cxf:cxf-core
CVE-2018-1999004 Vulnerability in maven package org.jenkins-ci.main:jenkins-core