Back to bug 2155681
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Zack Miele | 2022-12-21 20:51:13 UTC | Doc Text | A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. |
| Zack Miele | 2022-12-21 20:52:30 UTC | CC | aboyko, aileenc, alazarot, anstephe, avibelli, balejosg, bgeorges, boliveir, clement.escoffier, dandread, emingora, fmongiar, gjospin, gmalinko, gsmet, hamadhan, ibek, janstey, jcantril, jnethert, jolee, jpavlik, jpoth, jrokos, jschatte, jstastny, kverlaen, lthon, max.andersen, mnovotny, pdelbell, pdrozd, peholase, periklis, pgallagh, probinso, pskopek, rguimara, rrajasek, rruss, rsvoboda, sbiarozk, sdouglas, sthorger, tcunning, yfang | |
| Paige Jung | 2022-12-21 21:54:34 UTC | Doc Text | A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured. | A vulnerability was found in Apache CXF that could allow an attacker to perform a remote directory listing or code exfiltration. This issue only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, so the issue can only occur if the CXF service is misconfigured. |
| Red Hat Bugzilla | 2022-12-31 23:43:14 UTC | CC | aboyko | |
| errata-xmlrpc | 2023-01-26 21:55:54 UTC | Link ID | Red Hat Product Errata RHSA-2023:0483 | |
| errata-xmlrpc | 2023-01-30 17:12:08 UTC | Link ID | Red Hat Product Errata RHSA-2023:0544 | |
| Product Security DevOps Team | 2023-02-01 05:26:03 UTC | Resolution | --- | ERRATA |
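| Product Security DevOps Team | 2023-02-01 05:26:03 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-02-01 05:26:03 UTC | Last Closed | 2023-02-01 05:26:03 UTC | |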
| errata-xmlrpc | 2023-03-01 21:43:55 UTC | Link ID | Red Hat Product Errata RHSA-2023:1043 | |
| errata-xmlrpc | 2023-03-01 21:46:23 UTC | Link ID | Red Hat Product Errata RHSA-2023:1044 | |
| errata-xmlrpc | 2023-03-01 21:48:51 UTC | Link ID | Red Hat Product Errata RHSA-2023:1045 | |
| errata-xmlrpc | 2023-03-01 21:51:34 UTC | Link ID | Red Hat Product Errata RHSA-2023:1047 | |
| errata-xmlrpc | 2023-03-01 21:59:51 UTC | Link ID | Red Hat Product Errata RHSA-2023:1049 | |
| errata-xmlrpc | 2023-06-15 15:24:11 UTC | Link ID | Red Hat Product Errata RHSA-2023:3641 | |
| Chess Hazlett | 2023-06-27 17:51:11 UTC | Doc Type | --- | If docs needed, set a value |
| errata-xmlrpc | 2023-06-28 15:59:22 UTC | Link ID | Red Hat Product Errata RHSA-2023:3906 | |
| errata-xmlrpc | 2023-06-29 20:08:07 UTC | Link ID | Red Hat Product Errata RHSA-2023:3954 | |