CVE-2019-17573

2020-01-16T18:15:00
ID CVE-2019-17573
Type cve
Reporter cve@mitre.org
Modified 2020-11-12T18:15:00

Description

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.