CVE-2016-6812
Reported by apache · Published August 10, 2017
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache CXF | prior to 3.0.12, 3.1.x prior to 3.1.9 |
| Apache Software Foundation | Apache CXF | prior to 3.0.12, 3.1.x prior to 3.1.9, prior to 3.0.12 |
| Maven | org.apache.cxf:cxf-rt-transports-http | 0, 0, 0 |
| Maven | org.apache.cxf:cxf-core | 0, 0, 0 |
Exploit Intelligence
- shoucheng3/asf__cxf_CVE-2016-6812_3-0-11 (github-poc)
- shoucheng3/asf__cxf_CVE-2016-6812_3-0-11 (github-poc)
- shoucheng3/asf__cxf_CVE-2016-6812_3-0-11 (github-poc)
- shoucheng3/asf__cxf_CVE-2016-6812_3-0-11 (github-poc)
Timeline
- Aug 10, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- RHSA-2017:0868 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- 1037543 vdb-entryx_refsource_SECTRACK
- x_refsource_CONFIRM
- 97582 vdb-entryx_refsource_BID
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- https://nvd.nist.gov/vuln/detail/CVE-2016-6812 advisory
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E url
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E url
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E url
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E url
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E url
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E url
- https://github.com/advisories/GHSA-vw2c-5wph-v92r advisory