CVE-2021-22696: SSRF
First published: Fri Apr 02 2021(Updated: )
Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CXF | <3.3.10 | |
| Apache CXF | >=3.4.0<3.4.3 | |
| Oracle Business Intelligence | =5.5.0.0.0 | |
| Oracle Business Intelligence | =5.9.0.0.0 | |
| Oracle Business Intelligence | =12.2.1.3.0 | |
| Oracle Business Intelligence | =12.2.1.4.0 | |
| Oracle Communications Diameter Intelligence Hub | >=8.0.0<=8.1.0 | |
| Oracle Communications Diameter Intelligence Hub | >=8.2.0<=8.2.3 | |
| Oracle Communications Element Manager | =8.2.2 | |
| Oracle Communications Session Report Manager | >=8.0.0<=8.2.4.0 | |
| Oracle Communications Session Route Manager | >=8.0.0<=8.2.4 | |
| redhat/cxf-3.3.10 cxf | <3.4.3 | 3.4.3 |
| <=10.5 | ||
| <=10.6 | ||
| <=11.0 | ||
| <=11.1 | ||
| <=11.2 | ||
| <=11.3 | ||
| <=11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://exchange.xforce.ibmcloud.com/vulnerabilities/199335
- https://www.ibm.com/support/pages/node/6831647 (Advisory)
- http://www.openwall.com/lists/oss-security/2021/04/02/2
- https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
- https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E
- https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E
- https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://cxf.apache.org/download.html
- https://github.com/apache/cxf/commit/7d5d2c7a019dd1e1d0566daf9f1ed5b7b0dd66b7
- https://tools.ietf.org/html/draft-ietf-oauth-jwsreq-30#section-10.4
- https://github.com/apache/cxf/commit/aee3bf291a7387cc492aa0dbdb0fb2af96687994
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1946341#c1
- https://access.redhat.com/errata/RHSA-2021:5134
- https://access.redhat.com/security/cve/cve-2021-22696
- https://access.redhat.com/errata/RHSA-2022:7273
- https://bugzilla.redhat.com/show_bug.cgi?id=1946341
- https://www.cve.org/CVERecord?id=CVE-2021-22696 https://nvd.nist.gov/vuln/detail/CVE-2021-22696 https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc
Frequently Asked Questions
What is the vulnerability ID for this Apache CXF vulnerability?
The vulnerability ID for this Apache CXF vulnerability is CVE-2021-22696.
What is the severity of CVE-2021-22696?
The severity of CVE-2021-22696 is high with a severity value of 7.5.
How does CVE-2021-22696 affect Apache CXF?
CVE-2021-22696 affects Apache CXF by causing a denial of service due to improper validation of the request_uri parameter.
Which versions of Apache CXF are affected by CVE-2021-22696?
Apache CXF versions up to and including 3.4.3 are affected by CVE-2021-22696.
How can I fix CVE-2021-22696?
To fix CVE-2021-22696, it is recommended to update Apache CXF to version 3.4.4 or higher.
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/remedy
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-22696
- agent/software-canonical-lookup
- collector/ibm-support
- source/IBM
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/apache
- canonical/apache cxf
- version/apache cxf/3.4.0
- vendor/oracle
- canonical/oracle business intelligence
- version/oracle business intelligence/5.5.0.0.0
- version/oracle business intelligence/5.9.0.0.0
- version/oracle business intelligence/12.2.1.3.0
- version/oracle business intelligence/12.2.1.4.0
- canonical/oracle communications diameter intelligence hub
- version/oracle communications diameter intelligence hub/8.0.0
- version/oracle communications diameter intelligence hub/8.1.0
- version/oracle communications diameter intelligence hub/8.2.0
- version/oracle communications diameter intelligence hub/8.2.3
- canonical/oracle communications element manager
- version/oracle communications element manager/8.2.2
- canonical/oracle communications session report manager
- version/oracle communications session report manager/8.0.0
- version/oracle communications session report manager/8.2.4.0
- canonical/oracle communications session route manager
- version/oracle communications session route manager/8.0.0
- version/oracle communications session route manager/8.2.4
- package-manager/redhat
- vendor/ibm
- canonical/ibm security guardium
- version/ibm security guardium/10.5
- version/ibm security guardium/10.6
- version/ibm security guardium/11.0
- version/ibm security guardium/11.1
- version/ibm security guardium/11.2
- version/ibm security guardium/11.3
- version/ibm security guardium/11.4