{ "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-22696", "STATE": "PUBLIC", "TITLE": "OAuth 2 authorization service vulnerable to DDos attacks" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache CXF", "version": { "version_data": [ { "version_affected": "<", "version_value": "3.4.3" }, { "version_affected": "<", "version_value": "3.3.10" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": {}, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-400 Uncontrolled Resource Consumption" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc", "name": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc" }, { "refsource": "MLIST", "name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks", "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E" }, { "refsource": "MLIST", "name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks", "url": "http://www.openwall.com/lists/oss-security/2021/04/02/2" }, { "refsource": "MLIST", "name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks", "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E" }, { "refsource": "MLIST", "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "refsource": "MLIST", "name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks", "url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E" }, { "refsource": "MLIST", "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] }, "source": { "discovery": "UNKNOWN" } }