If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue.
Apache CXF in versions prior to applying patches did not properly validate the protocols used in JMS configuration URLs. An untrusted user with the ability to configure JMS could provide a URL based on RMI or LDAP protocols, which could lead to server-side code execution (RCE). The patch restricts the allowed protocols in JMS configuration by rejecting RMI and LDAP addresses.
An attacker can gain full control over a vulnerable server through remote code execution, threatening the confidentiality, integrity, and availability of the system.
Apache CXF should be updated to version 3.6.8, 4.0.9, or 4.1.3, in which the issue has been fixed. Until the update is applied, the ability to modify JMS configuration by untrusted users should be restricted or eliminated.
Apache CXF in all versions before 3.6.8, 4.0.9, and 4.1.3 — affects deployments where untrusted users have the ability to configure JMS.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Cxf
APPApache< 3.6.84.0.0 – 4.0.9 (bez)4.1.0 – 4.1.3 (bez)
Related vulnerabilities
Apache CXF: podatność XXE w EndpointReferenceUtils i W3CMultiSchemaFactory
Apache CXF: błąd logiki w OAuthRequestFilter odwraca weryfikację IP
Apache CXF: brak weryfikacji pola 'aud' w tokenach JWT (Token Confusion)
An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow ...
SSRF w opisie usług WADL w Apache CXF