{
    "containers": {
        "cna": {
            "affected": [
                {
                    "product": "Apache CXF",
                    "vendor": "Apache Software Foundation",
                    "versions": [
                        {
                            "lessThan": "3.4.3",
                            "status": "affected",
                            "version": "unspecified",
                            "versionType": "custom"
                        },
                        {
                            "lessThan": "3.3.10",
                            "status": "affected",
                            "version": "unspecified",
                            "versionType": "custom"
                        }
                    ]
                }
            ],
            "descriptions": [
                {
                    "lang": "en",
                    "value": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10."
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-918",
                            "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                },
                {
                    "descriptions": [
                        {
                            "cweId": "CWE-400",
                            "description": "CWE-400 Uncontrolled Resource Consumption",
                            "lang": "en",
                            "type": "CWE"
                        }
                    ]
                }
            ],
            "providerMetadata": {
                "dateUpdated": "2022-04-19T23:24:23",
                "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
                "shortName": "apache"
            },
            "references": [
                {
                    "tags": [
                        "x_refsource_MISC"
                    ],
                    "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
                },
                {
                    "name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cdev.cxf.apache.org%3E"
                },
                {
                    "name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
                },
                {
                    "name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cusers.cxf.apache.org%3E"
                },
                {
                    "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
                },
                {
                    "name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045%40%3Cannounce.apache.org%3E"
                },
                {
                    "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                    "tags": [
                        "mailing-list",
                        "x_refsource_MLIST"
                    ],
                    "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
                },
                {
                    "tags": [
                        "x_refsource_MISC"
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "tags": [
                        "x_refsource_MISC"
                    ],
                    "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                }
            ],
            "source": {
                "discovery": "UNKNOWN"
            },
            "title": "OAuth 2 authorization service vulnerable to DDos attacks",
            "x_generator": {
                "engine": "Vulnogram 0.0.9"
            },
            "x_legacyV4Record": {
                "CVE_data_meta": {
                    "ASSIGNER": "security@apache.org",
                    "ID": "CVE-2021-22696",
                    "STATE": "PUBLIC",
                    "TITLE": "OAuth 2 authorization service vulnerable to DDos attacks"
                },
                "affects": {
                    "vendor": {
                        "vendor_data": [
                            {
                                "product": {
                                    "product_data": [
                                        {
                                            "product_name": "Apache CXF",
                                            "version": {
                                                "version_data": [
                                                    {
                                                        "version_affected": "<",
                                                        "version_value": "3.4.3"
                                                    },
                                                    {
                                                        "version_affected": "<",
                                                        "version_value": "3.3.10"
                                                    }
                                                ]
                                            }
                                        }
                                    ]
                                },
                                "vendor_name": "Apache Software Foundation"
                            }
                        ]
                    }
                },
                "data_format": "MITRE",
                "data_type": "CVE",
                "data_version": "4.0",
                "description": {
                    "description_data": [
                        {
                            "lang": "eng",
                            "value": "CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a \"request\" parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the \"request_uri\" parameter. CXF was not validating the \"request_uri\" parameter (apart from ensuring it uses \"https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10."
                        }
                    ]
                },
                "generator": {
                    "engine": "Vulnogram 0.0.9"
                },
                "problemtype": {
                    "problemtype_data": [
                        {
                            "description": [
                                {
                                    "lang": "eng",
                                    "value": "CWE-918 Server-Side Request Forgery (SSRF)"
                                }
                            ]
                        },
                        {
                            "description": [
                                {
                                    "lang": "eng",
                                    "value": "CWE-400 Uncontrolled Resource Consumption"
                                }
                            ]
                        }
                    ]
                },
                "references": {
                    "reference_data": [
                        {
                            "name": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc",
                            "refsource": "MISC",
                            "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
                        },
                        {
                            "name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E"
                        },
                        {
                            "name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
                            "refsource": "MLIST",
                            "url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
                        },
                        {
                            "name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E"
                        },
                        {
                            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
                        },
                        {
                            "name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E"
                        },
                        {
                            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                            "refsource": "MLIST",
                            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
                        },
                        {
                            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                            "refsource": "MISC",
                            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                        },
                        {
                            "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                            "refsource": "MISC",
                            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                        }
                    ]
                },
                "source": {
                    "discovery": "UNKNOWN"
                }
            }
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-03T18:51:07.452Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "tags": [
                            "x_refsource_MISC",
                            "x_transferred"
                        ],
                        "url": "https://cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc"
                    },
                    {
                        "name": "[cxf-dev] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cdev.cxf.apache.org%3E"
                    },
                    {
                        "name": "[oss-security] 20210402 CVE-2021-22696: Apache CXF: OAuth 2 authorization service vulnerable to DDos attacks",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "http://www.openwall.com/lists/oss-security/2021/04/02/2"
                    },
                    {
                        "name": "[cxf-users] 20210402 CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914%40%3Cusers.cxf.apache.org%3E"
                    },
                    {
                        "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
                    },
                    {
                        "name": "[announce] 20210402 [Apache CXF] CVE-2021-22696: OAuth 2 authorization service vulnerable to DDos attacks",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045%40%3Cannounce.apache.org%3E"
                    },
                    {
                        "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
                        "tags": [
                            "mailing-list",
                            "x_refsource_MLIST",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
                    },
                    {
                        "tags": [
                            "x_refsource_MISC",
                            "x_transferred"
                        ],
                        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                    },
                    {
                        "tags": [
                            "x_refsource_MISC",
                            "x_transferred"
                        ],
                        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                    }
                ]
            }
        ]
    },
    "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-22696",
        "datePublished": "2021-04-02T10:05:14",
        "dateReserved": "2021-01-06T00:00:00",
        "dateUpdated": "2024-08-03T18:51:07.452Z",
        "state": "PUBLISHED"
    },
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1"
}