A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2022-12-13T14:46:55.619Z
Updated: 2024-08-03T14:31:45.874Z
Reserved: 2022-12-02T08:07:29.876Z
Link: CVE-2022-46363
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-13T15:15:11.677
Modified: 2024-11-21T07:30:27.900
Link: CVE-2022-46363
Redhat