Vulnerability Information
Vulnerability Title
Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry
Vulnerability Description
A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the accepted signature. This can bypass the application's assumption that accepted `Content-Type` or protected HTTP-header metadata came from a verified signature entry, and may steer downstream JAX-RS entity parsing or signed-header consistency checks. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue.
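The bug class named in the title, shown on a minimal JWS JSON (RFC 7515 general serialization) verifier. This is an added example, not Apache CXF code: the function names, the HS256 shared key and the sample message are constructed for illustration. It contrasts reading `cty` from the first signature entry with reading it only from the entry whose signature verified.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_entry(key: bytes, protected: dict, payload_b64: str) -> dict:
    prot = b64u(json.dumps(protected, separators=(",", ":")).encode())
    mac = hmac.new(key, f"{prot}.{payload_b64}".encode(), hashlib.sha256).digest()
    return {"protected": prot, "signature": b64u(mac)}

def entry_verifies(key: bytes, entry: dict, payload_b64: str) -> bool:
    """True only if this entry's own protected header and signature check out."""
    try:
        if json.loads(b64u_dec(entry["protected"])).get("alg") != "HS256":
            return False
        signing_input = f'{entry["protected"]}.{payload_b64}'.encode()
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        return hmac.compare_digest(expected, b64u_dec(entry["signature"]))
    except (KeyError, ValueError, TypeError, AttributeError):
        return False

def metadata_flawed(key: bytes, jws: dict):
    """Flawed pattern: any entry may verify, but cty is read from entry 0."""
    if not any(entry_verifies(key, e, jws["payload"]) for e in jws["signatures"]):
        raise ValueError("no valid signature")
    return json.loads(b64u_dec(jws["signatures"][0]["protected"])).get("cty")

def metadata_bound(key: bytes, jws: dict):
    """Hardened pattern: cty comes only from the entry that verified."""
    for e in jws["signatures"]:
        if entry_verifies(key, e, jws["payload"]):
            return json.loads(b64u_dec(e["protected"])).get("cty")
    raise ValueError("no valid signature")

# Constructed sample: entry 0 carries a signature that does not verify,
# entry 1 is the genuinely signed entry.
KEY = b"constructed-demo-key-0123456789ab"
PAYLOAD = b64u(b'{"amount": 10}')
GOOD = sign_entry(KEY, {"alg": "HS256", "cty": "application/json"}, PAYLOAD)
UNVERIFIED = {"protected": b64u(b'{"alg":"HS256","cty":"application/xml"}'),
              "signature": b64u(b"\x00" * 32)}
SAMPLE = {"payload": PAYLOAD, "signatures": [UNVERIFIED, GOOD]}
```

On `SAMPLE`, the flawed reader returns the content type from the unverified entry, while the bound reader returns the one covered by the accepted signature.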
CVSS Information
N/A
Vulnerability Type
Improper Verification of Cryptographic Signature
Vulnerability Title
Apache CXF cryptographic issue vulnerability
Vulnerability Description
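Apache CXF is an open-source web services development framework from the Apache Foundation (United States). Apache CXF versions before 4.1.7, and versions from 4.2.0 up to but not including 4.2.2, contain a cryptographic issue vulnerability. The vulnerability stems from JwsJsonContainerRequestFilter not correctly verifying signatures, which may lead to man-in-the-middle attacks, bypass signature verification of the Content-Type or protected HTTP header metadata, and affect downstream JAX-RS entity parsing. The following versions are affected: all versions before 4.1.7, and versions from 4.2.0 up to but not including 4.2.2.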
CVSS Information
N/A
Vulnerability Type
N/A