The Apache CXF HTTP transport is vulnerable to cross-site scripting (XSS) when a request URL contains unexpected matrix parameters (the ";name=value" pairs that may follow a URL path segment). The HTTP transport uses FormattedServiceListWriter
to produce an HTML page that lists the names and absolute URL addresses of the available service endpoints, and those absolute addresses are built from the URL of the request that fetched the page. If unexpected matrix parameters have been injected into the request URL, they are copied back to the client in the services list page, which is an XSS risk to the client.
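The following is an added illustration of the flaw and of the two defences a reviewer would ask for; it is not code from Apache CXF or from FormattedServiceListWriter, and it is written in Python rather than CXF's Java so it can run stand-alone. The endpoint table (ENDPOINTS), the function names, and the probe marker are assumptions made for the example. The vulnerable builder concatenates the request path, matrix parameters included, into every listed address and writes it into the HTML as-is; the hardened builder strips matrix parameters from each path segment before computing the base address and HTML-escapes everything it reflects. The probe helpers give a harmless way to check a live listing page for the same behaviour.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed sample inventory: (display name, path relative to the servlet
# base) for the endpoints the listing page advertises. CXF derives these from
# its own destination registry; this tuple is a stand-in for the example only.
ENDPOINTS = (
    ("Greeter (SOAP)", "/Greeter"),
    ("Books (REST)", "/books"),
)


def strip_matrix_params(path):
    """Drop ';name=value' matrix parameters from every segment of a URL path.

    '/cxf/services;x=1/Greeter;y=2' -> '/cxf/services/Greeter'
    """
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def request_base(request_url, strip_matrix):
    """Reconstruct the absolute base address from the incoming request URL.

    urlsplit keeps matrix parameters inside .path, which is exactly how they
    leak into the listing when nothing strips them.
    """
    parts = urlsplit(request_url)
    path = strip_matrix_params(parts.path) if strip_matrix else parts.path
    return f"{parts.scheme}://{parts.netloc}{path}"


def services_list_vulnerable(request_url):
    """Listing built the way the advisory describes the flaw: the request path,
    matrix parameters included, is concatenated into each endpoint's absolute
    address and written into the HTML unescaped."""
    base = request_base(request_url, strip_matrix=False)
    rows = "".join(
        f'<tr><td>{name}</td><td><a href="{base}{rel}">{base}{rel}</a></td></tr>'
        for name, rel in ENDPOINTS
    )
    return f"<html><body><table>{rows}</table></body></html>"


def services_list_hardened(request_url):
    """Same listing with both defences applied:
    1. matrix parameters are stripped before the base address is computed, so
       attacker-supplied ';x=...' never reaches the page at all;
    2. everything reflected is HTML-escaped (quote=True also covers the href
       attribute context), so an unexpected '<' or '"' elsewhere in the path
       cannot break out of the markup either."""
    base = request_base(request_url, strip_matrix=True)
    rows = "".join(
        '<tr><td>{n}</td><td><a href="{u}">{u}</a></td></tr>'.format(
            n=escape(name, quote=True), u=escape(base + rel, quote=True))
        for name, rel in ENDPOINTS
    )
    return f"<html><body><table>{rows}</table></body></html>"


# Harmless probe for checking a live listing page: an unknown tag with no
# script content, unlikely to appear in a legitimate listing by accident.
PROBE_MARKER = "<cxf6812probe>"


def build_probe_url(base_url):
    """Append a matrix parameter carrying the marker to the listing URL."""
    return f"{base_url};cxfprobe={PROBE_MARKER}"


def is_reflected_unescaped(body):
    """True when the raw marker (not an escaped form) appears in the response,
    i.e. matrix parameters reach the client without stripping or escaping."""
    return PROBE_MARKER in body


if __name__ == "__main__":
    url = build_probe_url("http://localhost:8080/cxf/services")
    print("vulnerable listing reflects marker:", is_reflected_unescaped(services_list_vulnerable(url)))
    print("hardened listing reflects marker:  ", is_reflected_unescaped(services_list_hardened(url)))
```

To check a real deployment, request build_probe_url(<listing URL>) with an HTTP client that does not percent-encode the angle brackets away, and run is_reflected_unescaped over the response body; an escaped form of the marker (for example "&lt;cxf6812probe&gt;") in the body means the page is escaping its output, while the raw marker means matrix parameters are being reflected as the advisory describes.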
cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc
cxf.apache.org/security-advisories.data/CVE-2016-6812.txt.asc?version=1&modificationDate=1482164360602&api=v2
www.securityfocus.com/bid/97582
www.securitytracker.com/id/1037543
access.redhat.com/errata/RHSA-2017:0868
issues.apache.org/jira/browse/CXF-6216
lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E