Lucene search

Improper Neutralization of Input During Web Page Generation in Apache CXF

🗓️ 13 May 2022 01:20:09Reported by GitHub Advisory DatabaseType

Improper Neutralization of Input During Web Page Generation in Apache CXF. HTTP transport module in Apache CXF uses FormattedServiceLIstWriter to provide a page listing available service endpoints. Base URL calculation using current HttpServletRequest can lead to XSS risk if unexpected matrix parameters are injected into request URL

Reporter	Title	Published	Views	Family All 17
RedhatCVE	CVE-2016-6812	21 Dec 201614:47	–	redhatcve
OSV	Improper Neutralization of Input During Web Page Generation in Apache CXF	13 May 202201:09	–	osv
OSV	CVE-2016-6812	10 Aug 201716:29	–	osv
Cvelist	CVE-2016-6812	10 Aug 201716:00	–	cvelist
NVD	CVE-2016-6812	10 Aug 201716:29	–	nvd
CVE	CVE-2016-6812	10 Aug 201716:29	–	cve
Prion	Design/Logic Flaw	10 Aug 201716:29	–	prion
Veracode	Cross-site Scripting (XSS)	28 Dec 201603:45	–	veracode
OpenVAS	Fedora Update for cxf FEDORA-2016-2361e1e07a	1 Jan 201700:00	–	openvas
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in the Apache CXF component of IBM Tivoli Network Manager IP Edition (CVE-2016-6812, CVE-2016-8739)	17 Jun 201815:40	–	ibm

Vulners

Node

org.apache.cxf cxf\-coreRange3.1.0–3.1.8

org.apache.cxf cxf\-coreRange≤3.0.11

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-6812
access	www.access.redhat.com/errata/RHSA-2017:0868
issues	www.issues.apache.org/jira/browse/CXF-6216
lists	www.lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
lists	www.lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
cxf	www.cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

13 May 2022 01:09Current

0.9Low risk

Vulners AI Score0.9

CVSS24.3

CVSS36.1

EPSS0.0656

CWE-79