December 14, 2022
Severity
High
Analysis Summary
CVE-2022-46363 CVSS:7.5
Apache CXF could allow a remote attacker to obtain sensitive information, caused by a flaw when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. By sending a specially crafted request, an attacker could exploit this vulnerability to perform directory listing or code exfiltration, and use this information to launch further attacks against the affected system.
CVE-2022-46364 CVSS:7.5
Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
Impact
Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2022-46363
- CVE-2022-46364
Affected Vendors
Apache
Affected Products
- Apache CXF 3.4.9
- Apache CXF 3.5.4
Remediation
Upgrade to the latest version of Apache CXF, available from the Apache Website.