CVE-2019-17573: By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
apache	cxf	< 3.3.8	3.3.8
apache	cxf	3.2.0 – 3.2.12	—
apache	cxf	>= 3.3.0 < 3.3.5	3.3.5
apache	cxf	>= 3.4.0 < 3.4.1	3.4.1
apache_software_foundation	apache_cxf	>= unspecified < 3.4.1	3.4.1
apache_software_foundation	apache_cxf	>= unspecified < 3.3.8	3.3.8
netapp	vasa_provider_for_clustered_data_ontap	>= 9.6	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	business_intelligence	—	—
oracle	commerce_guided_search	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_element_manager	—	—
oracle	communications_messaging_server	—	—
oracle	communications_messaging_server	—	—
oracle	communications_session_report_manager	—	—
oracle	communications_session_report_manager	—	—
oracle	communications_session_report_manager	—	—
oracle	communications_session_route_manager	—	—
oracle	communications_session_route_manager	—	—
oracle	communications_session_route_manager	—	—
oracle	flexcube_private_banking	—	—
oracle	flexcube_private_banking	—	—

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ghsa6.1MEDIUM

osv6.1MEDIUM