CVE-2022-46363
CVSS v3.1: 7.5 (High)
EPSS: 0.09 % (38th)
Affected Products: 1
Advisories: 1
A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.
Weaknesses
- CWE-20: Improper Input Validation

- CVE Status: PUBLISHED
- CNA: Apache Software Foundation
- Published Date: 2022-12-13 15:15:11 (21 months ago)
- Updated Date: 2023-11-07 03:55:35 (10 months ago)