Cross-site Tracing (XST) Affecting org.apache.cxf:cxf-rt-transports-http-jetty package, versions [3.0.0,3.0.12) [3.1.0,3.1.9)


0.0
low
  • Attack Complexity

    High

  • snyk-id

    SNYK-JAVA-ORGAPACHECXF-30583

  • published

    30 Oct 2016

  • disclosed

    30 Oct 2016

  • credit

    Unknown

Introduced: 30 Oct 2016

CWE-284

Overview

org.apache.cxf:cxf-rt-transports-http-jetty is an open source services framework.

Affected versions of the package are vulnerable to Cross-site Tracing (XST). The package still had the HTTP TRACE method enabled, which is considered a security risk.