CVE-2016-6812
moderate-risk
Published 2017-08-10
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.
Do I need to act?
~
8.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10
Medium
NETWORK
/ LOW complexity
Affected Vendors
References (22)
Third Party Advisory
http://www.securityfocus.com/bid/97582
Third Party Advisory
http://www.securitytracker.com/id/1037543
Issue Tracking
https://issues.apache.org/jira/browse/CXF-6216
Third Party Advisory
http://www.securityfocus.com/bid/97582
Third Party Advisory
http://www.securitytracker.com/id/1037543
Issue Tracking
https://issues.apache.org/jira/browse/CXF-6216
and 2 more references
49
/ 100
moderate-risk
Severity
23/34 · High
Exploitability
10/34 · Low
Exposure
16/34 · Moderate