org.apache.cxf:cxf-rt-management@3.2.11 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.cxf:cxf-rt-management package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Man in The Middle (MiTM)

org.apache.cxf:cxf-rt-management is an Apache CXF Runtime Management package.

Affected versions of this package are vulnerable to Man in The Middle (MiTM). Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the createMBServerConnectorFactory property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack.

An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.

How to fix Man in The Middle (MiTM)?

Upgrade org.apache.cxf:cxf-rt-management to version 3.2.13, 3.3.6 or higher.

[3.2.0,3.2.13) [3.3.0,3.3.6)