CVE-2020-1954: Infoleak
First published: Wed Apr 01 2020(Updated: )
Apache CXF has the ability to integrate with JMX by registering an `InstrumentationManager` extension with the CXF bus. If the `createMBServerConnectorFactory` property of the default `InstrumentationManagerImpl` is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.cxf:cxf-rt-management | >=3.3.0<3.3.6 | 3.3.6 |
| maven/org.apache.cxf:cxf-rt-management | <3.2.13 | 3.2.13 |
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el6ea | 0:2.9.0-5.redhat_00011.1.el6ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el6ea | 1:1.0.2-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el6ea | 0:1.14.0-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el6ea | 0:3.10.0-1.redhat_00001.1.el6ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el6ea | 0:3.3.7-1.redhat_00001.1.el6ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el6ea | 1:1.0.2-3.redhat_1.el6ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el6ea | 0:1.65.0-1.redhat_00001.1.el6ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el6ea | 0:2.3.9-11.SP12_redhat_00001.1.el6ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el6ea | 0:3.2.10-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el6ea | 0:5.3.18-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el6ea | 0:4.5.12-1.redhat_00001.1.el6ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el6ea | 0:4.4.13-1.redhat_00001.1.el6ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el6ea | 0:1.3.7-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el6ea | 0:1.5.3-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el6ea | 0:2.1.17-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el6ea | 0:1.7.2-2.Final_redhat_00002.1.el6ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el6ea | 0:3.7.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el6ea | 0:4.1.10-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el6ea | 0:5.9.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el6ea | 0:5.0.3-8.Final_redhat_00007.1.el6ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el6ea | 0:2.5.5-25.SP12_redhat_00013.1.el6ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el6ea | 0:1.26.0-1.redhat_00001.1.el6ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el6ea | 0:2.0.31-1.SP1_redhat_00001.1.el6ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el6ea | 0:2.2.0-1.redhat_00001.1.el6ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el6ea | 0:7.3.3-4.GA_redhat_00004.1.el6ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el6ea | 0:1.10.8-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el6ea | 0:1.1.13-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el6ea | 0:2.12.0-2.SP03_redhat_00001.1.el6ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el7ea | 0:2.9.0-5.redhat_00011.1.el7ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el7ea | 1:1.0.2-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el7ea | 0:1.14.0-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el7ea | 0:3.10.0-1.redhat_00001.1.el7ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el7ea | 0:3.3.7-1.redhat_00001.1.el7ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el7ea | 1:1.0.2-3.redhat_1.el7ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el7ea | 0:1.65.0-1.redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el7ea | 0:2.3.9-11.SP12_redhat_00001.1.el7ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el7ea | 0:3.2.10-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el7ea | 0:5.3.18-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el7ea | 0:4.5.12-1.redhat_00001.1.el7ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el7ea | 0:4.4.13-1.redhat_00001.1.el7ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el7ea | 0:1.3.7-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el7ea | 0:1.5.3-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el7ea | 0:2.1.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el7ea | 0:1.7.2-2.Final_redhat_00002.1.el7ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el7ea | 0:3.7.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el7ea | 0:4.1.10-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el7ea | 0:5.9.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el7ea | 0:5.0.3-8.Final_redhat_00007.1.el7ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el7ea | 0:2.5.5-25.SP12_redhat_00013.1.el7ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el7ea | 0:1.26.0-1.redhat_00001.1.el7ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el7ea | 0:2.0.31-1.SP1_redhat_00001.1.el7ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el7ea | 0:2.2.0-1.redhat_00001.1.el7ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el7ea | 0:7.3.3-4.GA_redhat_00004.1.el7ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el7ea | 0:1.10.8-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el7ea | 0:1.1.13-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el7ea | 0:2.12.0-2.SP03_redhat_00001.1.el7ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-5.redhat_00011.1.el8ea | 0:2.9.0-5.redhat_00011.1.el8ea |
| redhat/eap7-activemq-artemis-native | <1:1.0.2-1.redhat_00001.1.el8ea | 1:1.0.2-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-commons-codec | <0:1.14.0-1.redhat_00001.1.el8ea | 0:1.14.0-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-commons-lang | <0:3.10.0-1.redhat_00001.1.el8ea | 0:3.10.0-1.redhat_00001.1.el8ea |
| redhat/eap7-apache-cxf | <0:3.3.7-1.redhat_00001.1.el8ea | 0:3.3.7-1.redhat_00001.1.el8ea |
| redhat/eap7-artemis-native | <1:1.0.2-3.redhat_1.el8ea | 1:1.0.2-3.redhat_1.el8ea |
| redhat/eap7-bouncycastle | <0:1.65.0-1.redhat_00001.1.el8ea | 0:1.65.0-1.redhat_00001.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.9-11.SP12_redhat_00001.1.el8ea | 0:2.3.9-11.SP12_redhat_00001.1.el8ea |
| redhat/eap7-hal-console | <0:3.2.10-1.Final_redhat_00001.1.el8ea | 0:3.2.10-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.18-1.Final_redhat_00001.1.el8ea | 0:5.3.18-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-httpcomponents-client | <0:4.5.12-1.redhat_00001.1.el8ea | 0:4.5.12-1.redhat_00001.1.el8ea |
| redhat/eap7-httpcomponents-core | <0:4.4.13-1.redhat_00001.1.el8ea | 0:4.4.13-1.redhat_00001.1.el8ea |
| redhat/eap7-jberet | <0:1.3.7-1.Final_redhat_00001.1.el8ea | 0:1.3.7-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-invocation | <0:1.5.3-1.Final_redhat_00001.1.el8ea | 0:1.5.3-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-logmanager | <0:2.1.17-1.Final_redhat_00001.1.el8ea | 0:2.1.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.7.2-2.Final_redhat_00002.1.el8ea | 0:1.7.2-2.Final_redhat_00002.1.el8ea |
| redhat/eap7-jboss-xnio-base | <0:3.7.9-1.Final_redhat_00001.1.el8ea | 0:3.7.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jgroups | <0:4.1.10-1.Final_redhat_00001.1.el8ea | 0:4.1.10-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-narayana | <0:5.9.9-1.Final_redhat_00001.1.el8ea | 0:5.9.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-picketbox | <0:5.0.3-8.Final_redhat_00007.1.el8ea | 0:5.0.3-8.Final_redhat_00007.1.el8ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-25.SP12_redhat_00013.1.el8ea | 0:2.5.5-25.SP12_redhat_00013.1.el8ea |
| redhat/eap7-snakeyaml | <0:1.26.0-1.redhat_00001.1.el8ea | 0:1.26.0-1.redhat_00001.1.el8ea |
| redhat/eap7-undertow | <0:2.0.31-1.SP1_redhat_00001.1.el8ea | 0:2.0.31-1.SP1_redhat_00001.1.el8ea |
| redhat/eap7-velocity | <0:2.2.0-1.redhat_00001.1.el8ea | 0:2.2.0-1.redhat_00001.1.el8ea |
| redhat/eap7-wildfly | <0:7.3.3-4.GA_redhat_00004.1.el8ea | 0:7.3.3-4.GA_redhat_00004.1.el8ea |
| redhat/eap7-wildfly-elytron | <0:1.10.8-1.Final_redhat_00001.1.el8ea | 0:1.10.8-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.13-1.Final_redhat_00001.1.el8ea | 0:1.1.13-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-xerces-j2 | <0:2.12.0-2.SP03_redhat_00001.1.el8ea | 0:2.12.0-2.SP03_redhat_00001.1.el8ea |
| IBM Security Guardium | <=10.5 | |
| IBM Security Guardium | <=10.6 | |
| IBM Security Guardium | <=11.0 | |
| IBM Security Guardium | <=11.1 | |
| IBM Security Guardium | <=11.2 | |
| IBM Security Guardium | <=11.3 | |
| IBM Security Guardium | <=11.4 | |
| Apache CXF | <3.2.13 | |
| Apache CXF | >=3.3.0<3.3.6 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0<=8.2.2 | |
| Oracle Communications Element Manager | >=8.2.0<=8.2.2 | |
| Oracle Communications Session Report Manager | >=8.2.0<=8.2.2 | |
| Oracle Enterprise Manager Base Platform | =13.2.1.0 | |
| Oracle PeopleSoft Enterprise PeopleTools | =8.56 | |
| NetApp OnCommand Workflow Automation | ||
| Netapp Snapmanager Sap | ||
| Oracle Communications Diameter Signaling Router Idih\ | >=8.0.0<=8.2.2 | |
| Oracle Communications Session Route Manager | >=8.2.0<=8.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2020-1954
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
- https://www.oracle.com/security-alerts/cpuoct2020.html
- http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
- https://security.netapp.com/advisory/ntap-20220210-0001/
- https://github.com/apache/cxf/commit/1cf4fed546904a4a2560f53a2a2391d834b4026c
- https://github.com/advisories/GHSA-ffm7-7r8g-77xm (Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/178938
- https://www.ibm.com/support/pages/node/6831647 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1824302
- https://access.redhat.com/errata/RHSA-2020:3585
- https://access.redhat.com/security/cve/cve-2020-1954
- https://access.redhat.com/errata/RHSA-2020:4244
- https://access.redhat.com/errata/RHSA-2020:4245
- https://access.redhat.com/errata/RHSA-2020:4246
- https://access.redhat.com/errata/RHSA-2020:4247
- https://access.redhat.com/errata/RHSA-2020:4931
- https://access.redhat.com/errata/RHSA-2020:4960
- https://access.redhat.com/errata/RHSA-2020:4961
- https://bugzilla.redhat.com/show_bug.cgi?id=1824301
- https://www.cve.org/CVERecord?id=CVE-2020-1954 https://nvd.nist.gov/vuln/detail/CVE-2020-1954
Parent vulnerabilities
(Appears in the following advisories)
- collector/github-advisory-latest
- alias/GHSA-ffm7-7r8g-77xm
- alias/CVE-2020-1954
- collector/github-advisory
- collector/redhat-cve
- agent/author
- agent/type
- agent/remedy
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/references
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- package-manager/maven
- package-manager/redhat
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3
- version/ibm security guardium/11.4
- vendor/apache
- canonical/apache cxf
- version/apache cxf/3.3.0
- vendor/oracle
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0
- version/oracle communications diameter signaling router/8.2.2
- canonical/oracle communications element manager
- version/oracle communications element manager/8.2.0
- version/oracle communications element manager/8.2.2
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.2.0
- version/oracle communications session report manager/8.2.2
- canonical/oracle enterprise manager base platform
- version/oracle enterprise manager base platform/13.2.1.0
- canonical/oracle peoplesoft enterprise peopletools
- version/oracle peoplesoft enterprise peopletools/8.56
- vendor/netapp
- canonical/netapp oncommand workflow automation
- canonical/netapp snapmanager sap
- canonical/oracle communications diameter signaling router idih\
- version/oracle communications diameter signaling router idih\/8.0.0
- version/oracle communications diameter signaling router idih\/8.2.2
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.2.0
- version/oracle communications session route manager/8.2.2