CVE-2019-17573
Description
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
16.126
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-17573 are fixed in IBM WebSphere 20.0.0.3 | Windows |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache-apache-cxf 3.2.12 | Windows |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache-apache-cxf 3.3.5 | Windows |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache - cxf 3.2.12 | Windows |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache - cxf 3.3.5 | Windows |
| Multiple Vulnerabilities are affected in IBM Business Automation Workflow 19.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0.9.2 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.7 | Windows |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache-apache-cxf for Linux 3.2.12 | Linux |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache-apache-cxf for Linux 3.3.5 | Linux |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache - cxf for Linux 3.2.12 | Linux |
| Vulnerabilities CVE-2019-17573,CVE-2019-12423 are fixed in Apache - cxf for Linux 3.3.5 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234