Apache CXF up to 3.0.11/3.1.8 HTTP Transport Parameter cross site scripting
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Apache CXF up to 3.0.11/3.1.8. Affected by this issue is some unknown functionality of the component HTTP Transport Module. This manipulation as part of Parameter causes cross site scripting. This vulnerability is registered as CVE-2016-6812. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.
Details
A vulnerability has been found in Apache CXF up to 3.0.11/3.1.8 (Application Server Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the component HTTP Transport Module. The manipulation as part of a Parameter leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity. The summary by CVE is:
The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 uses FormattedServiceListWriter to provide an HTML page which lists the names and absolute URL addresses of the available service endpoints. The module calculates the base URL using the current HttpServletRequest. The calculated base URL is used by FormattedServiceListWriter to build the service endpoint absolute URLs. If the unexpected matrix parameters have been injected into the request URL then these matrix parameters will find their way back to the client in the services list page which represents an XSS risk to the client.
The bug was discovered 01/02/2017. The weakness was published 08/10/2017 by Mike (Website). The advisory is shared at cxf.apache.org. This vulnerability is known as CVE-2016-6812 since 08/12/2016. The attack can be launched remotely. The exploitation doesn't need any form of authentication. It demands that the victim is doing some kind of user interaction. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1059.007 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 96199 (Fedora 25 : 1:cxf (2016-2361e1e07a)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 276359 (Fedora Security Update for cxf (FEDORA-2016-2361e1e07a)).
Upgrading to version 3.0.12 or 3.1.9 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Tenable (96199) and SecurityFocus (BID 97582†). Similar entry is available at VDB-105206. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
- 3.0.0
- 3.0.1
- 3.0.2
- 3.0.3
- 3.0.4
- 3.0.5
- 3.0.6
- 3.0.7
- 3.0.8
- 3.0.9
- 3.0.10
- 3.0.11
- 3.1.0
- 3.1.1
- 3.1.2
- 3.1.3
- 3.1.4
- 3.1.5
- 3.1.6
- 3.1.7
- 3.1.8
License
Website
- Vendor: https://www.apache.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.2VulDB Meta Temp Score: 5.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.1
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 96199
Nessus Name: Fedora 25 : 1:cxf (2016-2361e1e07a)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 867773
OpenVAS Name: Fedora Update for cxf FEDORA-2016-2361e1e07a
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: CXF 3.0.12/3.1.9
Timeline
08/12/2016 🔍12/31/2016 🔍
01/02/2017 🔍
01/03/2017 🔍
04/12/2017 🔍
08/10/2017 🔍
08/10/2017 🔍
08/11/2017 🔍
12/15/2022 🔍
Sources
Vendor: apache.orgAdvisory: FEDORA-2016-2361e1e07a
Researcher: Donald Kwakkel, Mike Noordermeer. (Mike)
Status: Not defined
Confirmation: 🔍
CVE: CVE-2016-6812 (🔍)
GCVE (CVE): GCVE-0-2016-6812
GCVE (VulDB): GCVE-100-105205
SecurityFocus: 97582 - Apache CXF CVE-2016-6812 Cross Site Scripting Vulnerability
SecurityTracker: 1037543
See also: 🔍
Entry
Created: 08/11/2017 04:03Updated: 12/15/2022 15:39
Changes: 08/11/2017 04:03 (75), 11/06/2019 09:46 (6), 01/08/2021 17:19 (2), 01/08/2021 17:21 (1), 12/15/2022 15:34 (3), 12/15/2022 15:39 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.