CVE-2022-46363

Published: Dec 13, 2022

Modified: Apr 22, 2025

PUBLISHED

Description

A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.

Vendor: Apache Software Foundation

Product: Apache CXF

Versions:

affected: 3.5 - < 3.5.5
affected: 3.4 - < 3.4.10

Weaknesses (CWE)
