CVE-2021-22696

Description

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters in a JWT token instead of as query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending the JWT token in the "request" parameter, the spec also allows the client to specify, in the "request_uri" parameter, a URI from which the authorization server retrieves the JWT token. CXF was not validating the "request_uri" parameter (apart from ensuring it uses "https") and made a REST request to whatever URI the request named in order to retrieve the token. This means that CXF was vulnerable to DDoS attacks on the authorization server, as described in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3 and Apache CXF versions prior to 3.3.10.
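The mitigation the spec points to for this class of issue is that the authorization server only fetches "request_uri" values the client pre-registered, rather than any https URI. The following is an added Python illustration, not CXF code or its fix: a scheme-only check of the kind the description mentions next to a hardened check that requires an exact match against a per-client allowlist. The client id and registered URI are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample: request URIs each client pre-registered with the
# authorization server (placeholder values, not from any real deployment).
REGISTERED_REQUEST_URIS = {
    "client-123": {"https://client.example.com/jar/request.jwt"},
}


def weak_check(request_uri: str) -> bool:
    """Scheme-only validation, the shape of check the advisory describes.

    Any https URI passes, so a caller can point the authorization server at
    an arbitrary host and make it issue outbound requests on every attempt.
    """
    return request_uri.startswith("https://")


def validate_request_uri(client_id: str, request_uri: str) -> tuple[bool, str]:
    """Hardened validation: syntax checks plus an exact allowlist match.

    Returns (accepted, reason). The server fetches the URI only if the
    client pre-registered exactly this value (the RFC 9101 s10.4.1 mitigation).
    """
    parts = urlsplit(request_uri)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if not parts.hostname:
        return False, "missing host"
    # Reject userinfo so "https://trusted.example@evil.example/" style URIs
    # cannot masquerade as a registered host in a loose comparison.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"
    if parts.fragment:
        return False, "fragment not allowed"
    allowed = REGISTERED_REQUEST_URIS.get(client_id, set())
    if request_uri not in allowed:
        return False, "request_uri not pre-registered for client"
    return True, "ok"


if __name__ == "__main__":
    for uri in (
        "https://client.example.com/jar/request.jwt",
        "https://attacker.example.net/slow-endpoint",
        "https://client.example.com@attacker.example.net/x",
    ):
        print(uri, "weak:", weak_check(uri),
              "hardened:", validate_request_uri("client-123", uri))
```

The weak check accepts all three URIs; the hardened check accepts only the pre-registered one.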

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 1.971

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2021-22696 are fixed in Apache-apache-cxf 3.4.3 | Windows
Vulnerabilities CVE-2021-22696 are fixed in Apache-apache-cxf 3.3.10 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.2.0.0 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.5 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.6 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4 | Windows
Vulnerabilities CVE-2021-22696 are fixed in Apache - cxf 3.4.3 | Windows
Vulnerabilities CVE-2021-22696 are fixed in Apache - cxf 3.3.10 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.2.3 | Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0 | Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.9 | Windows
Multiple Vulnerabilities are affected in IBM Tivoli Application Dependency Discovery Manager 7.3.0.8 | Windows
Vulnerabilities CVE-2021-22696 are fixed in Apache-apache-cxf for Linux 3.4.3 | Linux
Vulnerabilities CVE-2021-22696 are fixed in Apache-apache-cxf for Linux 3.3.10 | Linux
Vulnerabilities CVE-2021-22696 are fixed in Apache - cxf for Linux 3.4.3 | Linux
Vulnerabilities CVE-2021-22696 are fixed in Apache - cxf for Linux 3.3.10 | Linux

Patch Details

No records found
