Description

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 

Remediation

References

https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2

Related Vulnerabilities

CVE-2015-5207 Vulnerability in npm package cordova-ios

CVE-2023-26475 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2023-33937 Vulnerability in maven package com.liferay:com.liferay.dynamic.data.mapping.form.web

CVE-2012-0838 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2018-1999038 Vulnerability in maven package org.jenkins-ci.plugins:publish-over-cifs

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory NVD-CWE-noinfo