{"containers": {"cna": {"affected": [{"product": "Apache CXF", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "prior to 3.0.12"}, {"status": "affected", "version": "3.1.x prior to 3.1.9"}]}], "datePublic": "2016-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client."}], "problemTypes": [{"descriptions": [{"description": "XSS risk", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T11:06:28", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "RHSA-2017:0868", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc"}, {"name": "1037543", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1037543"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/CXF-6216"}, {"name": "97582", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97582"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2016-12-19T00:00:00", "ID": "CVE-2016-6812", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache CXF", "version": {"version_data": [{"version_value": "prior to 3.0.12"}, {"version_value": "3.1.x prior to 3.1.9"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "XSS risk"}]}]}, "references": {"reference_data": [{"name": "RHSA-2017:0868", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"name": "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc"}, {"name": "1037543", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037543"}, {"name": "https://issues.apache.org/jira/browse/CXF-6216", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/CXF-6216"}, {"name": "97582", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97582"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-6812", "datePublished": "2016-12-19T00:00:00", "dateReserved": "2016-08-12T00:00:00", "dateUpdated": "2021-06-16T11:06:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "98F580FB-30CB-424C-B401-02DD90BC2265", "versionEndIncluding": "3.0.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFBBD3B0-C8AE-45BA-83A3-847F03E90319", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "52F66A01-83E5-48D8-AD1F-7F331CC889D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2A1BF056-AA31-4968-85C7-9897F5720325", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "EF05B313-65F0-4DD3-B6AC-0B4F6E39E677", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "F0DA5338-6541-46CF-B8BC-BA41CF9C33CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "132F95AB-FF48-4434-A5E7-4EC7C801FAC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E74DDFC9-7DFB-4C60-B20D-274260481F1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0029085-6E5C-4502-967B-8CA47FDE39EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:3.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "69F2C5BA-4052-46F7-9AF4-BB87E7A8FFFC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client."}, {"lang": "es", "value": "El m\u00f3dulo de transporte HTTP en Apache CXF anterior a su versi\u00f3n 3.0.12 y en versiones 3.1.x anteriores a 3.1.9 utiliza FormattedServiceListWriter para proporcionar una p\u00e1gina HTML que enumera los nombres y URL absolutas de endpoints de servicio disponibles. El m\u00f3dulo calcula la URL base empleando el HttpServletRequest actual. La URL base calculada es empleada por FormattedServiceListWritter para construir las URL absolutas de los endpoints de servicio. Si los par\u00e1metros matriz inesperados se han inyectado en la URL de petici\u00f3n, esos par\u00e1metros matriz volver\u00e1n al cliente en la p\u00e1gina de lista de servicios, lo que representa un riesgo de XSS para el cliente."}], "id": "CVE-2016-6812", "lastModified": "2023-11-07T02:34:08.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-10T16:29:00.657", "references": [{"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97582"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1037543"}, {"source": "security@apache.org", "url": "https://access.redhat.com/errata/RHSA-2017:0868"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/CXF-6216"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}