A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. These attributes are not supposed to be used together, and so the vulnerability can only arise if the CXF service is misconfigured.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 22 Apr 2025 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 25 Feb 2025 02:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-04-22T02:50:45.431Z

Reserved: 2022-12-02T08:07:29.876Z

Link: CVE-2022-46363

cve-icon Vulnrichment

Updated: 2024-08-03T14:31:45.874Z

cve-icon NVD

Status : Modified

Published: 2022-12-13T15:15:11.677

Modified: 2025-04-22T03:15:20.727

Link: CVE-2022-46363

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-12-13T00:00:00Z

Links: CVE-2022-46363 - Bugzilla

cve-icon OpenCVE Enrichment

No data.