Vulnerability Name:

CVE-2019-17573 (CCN-174689)

Assigned: 2019-10-14
Published: 2020-01-16
Updated: 2021-06-17
Summary: By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This web page is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is not typically present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.
CVSS v3 Severity: 6.1 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
6.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
5.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References: Source: MITRE
Type: CNA
CVE-2019-17573

Source: CONFIRM
Type: Vendor Advisory
http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath

Source: CCN
Type: Apache CXF Web site
Apache CXF

Source: XF
Type: UNKNOWN
apache-cve201917573-xss(174689)

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-dev] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-users] 20201112 CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath

Source: MLIST
Type: Mailing List, Vendor Advisory
[cxf-users] 20201125 RE: CVE-2020-13954: Apache CXF Reflected XSS in the services listing page via the styleSheetPath

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html

Source: MLIST
Type: Mailing List, Vendor Advisory
[announce] 20200116 [CVE-2019-17573] Apache CXF Reflected XSS in the services listing page

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html

Source: MLIST
Type: Exploit, Mailing List, Vendor Advisory
[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html

Source: CCN
Type: oss-sec Mailing List, Thu, 16 Jan 2020 14:10:53 +0000
[CVE-2019-17573] Apache CXF Reflected XSS in the services listing page

Source: CCN
Type: IBM Security Bulletin 6100132 (WebSphere Application Server Liberty)
Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-17573)

Source: CCN
Type: IBM Security Bulletin 6190485 (Tivoli Application Dependency Discovery Manager)
Multiple Apache CXF vulnerabilities identified in IBM Tivoli Application Dependency Discovery Manager.

Source: CCN
Type: IBM Security Bulletin 6209035 (Global High Availability Mailbox)
Multiple vulnerabilities have been Identified In WebSphere Liberty Server shipped with IBM Global Mailbox

Source: CCN
Type: IBM Security Bulletin 6212155 (Spectrum Control Standard Edition)
Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control (CVE-2019-17573, CVE-2019-12406)

Source: CCN
Type: IBM Security Bulletin 6232876 (WebSphere Application Server in Cloud)
Multiple vulnerabilities in the IBM HTTP Server and IBM WebSphere Application Server used in IBM WebSphere Application Server in IBM Cloud

Source: CCN
Type: IBM Security Bulletin 6238340 (Watson Speech to Text, Text to Speech)
Speech to Text, Text to Speech ICP, WebSphere Application Server Liberty Fix

Source: CCN
Type: IBM Security Bulletin 6242782 (Rational Asset Analyzer)
Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability

Source: CCN
Type: IBM Security Bulletin 6249995 (Control Center)
Apache CXF XSS Vulnerability Affects IBM Control Center (CVE-2019-17573)

Source: CCN
Type: IBM Security Bulletin 6261533 (Cloud Private)
IBM Cloud Private is vulnerable to an IBM WebSphere Application Server Liberty vulnerability (CVE-2019-17573)

Source: CCN
Type: IBM Security Bulletin 6324799 (Spectrum Protect Plus)
Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6327191 (PowerVM NovaLink)
Novalink is impacted by Apache CXF affects WebSphere Liberty JAX-WS middle vulnerability in WebSphere Application Server Liberty (CVE-2019-17573)

Source: CCN
Type: IBM Security Bulletin 6344071 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6356539 (Planning Analytics Local)
Multiple vulnerabilities affect IBM Planning Analytics

Source: CCN
Type: IBM Security Bulletin 6391590 (Cloud Application Business Insights)
Multiple Vulnerabilities in Websphere Liberty server (WLP) affects IBM Cloud Application Business Insights

Source: CCN
Type: IBM Security Bulletin 6405740 (Watson Machine Learning Accelerator)
Vulnerabilities in IBM WebSphere Liberty affect IBM Watson Machine Learning Accelerator

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version >= 3.2.0 and <= 3.2.12)
  • OR cpe:/a:apache:cxf:*:*:*:*:*:*:*:* (Version >= 3.3.0 and < 3.3.5)

Configuration 2:
  • cpe:/a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:cxf:3.2.11:*:*:*:*:*:*:*
  • OR cpe:/a:apache:cxf:3.3.4:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server_in_cloud:*:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:20.0.0.2:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:control_center:6.0.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:control_center:6.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_plus:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:p4:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.1:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:planning_analytics_local:2.0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_application_business_insights:1.1.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable