A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-12-13T14:46:55.619Z

Updated: 2024-08-03T14:31:45.874Z

Reserved: 2022-12-02T08:07:29.876Z

Link: CVE-2022-46363

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-13T15:15:11.677

Modified: 2024-11-21T07:30:27.900

Link: CVE-2022-46363

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-12-13T00:00:00Z

Links: CVE-2022-46363 - Bugzilla