¡¾Â©¶´Í¨¸æ¡¿Apache CXF JMSÔ¶³Ì´úÂëÖ´ÐЩ¶´(CVE-2026-44417)
·¢²¼Ê±¼ä 2026-05-26
Apache CXFÊÇÒ»¿î¹ã·ºÊ¹ÓõĿªÔ´Web Services¿ª·¢¿ò¼Ü£¬Ö§³ÖSOAP¡¢REST¡¢JAX-WS¡¢JAX-RS¼°JMSµÈ¶àÖÖͨÐÅÐÒ飬³£ÓÃÓÚ¹¹½¨ÆóÒµ¼¶SOA·þÎñ¡¢Î¢·þÎñ¼°·Ö²¼Ê½¼¯³Éƽ̨¡£Æä¾ß±¸Á¼ºÃµÄÀ©Õ¹ÐÔÓëÐÒ鼿ÈÝÄÜÁ¦£¬±»¹ã·ºÓ¦ÓÃÓÚ½ðÈÚ¡¢ÕþÎñ¡¢ÔËÓªÉ̼°ÆóÒµ¼¯³É³¡¾°¡£
2026Äê5ÔÂ26ÈÕ£¬mansion88Ã÷Éý°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄ£¨VSRC£©¼à²âµ½Apache CXF JMSÔ¶³Ì´úÂëÖ´ÐЩ¶´¡£ÊôÓÚ´ËǰCVE-2025-48913ÐÞ¸´²»ÍêÕûµ¼Öµİ²È«ÎÊÌâ¡£ÓÉÓÚApache CXFÔÚ´¦ÀíJMSÅäÖÃʱÈÔ´æÔÚδÍêÈ«¸²¸ÇµÄΣÏÕ´úÂë·¾¶£¬¹¥»÷ÕßÔھ߱¸JMSÅäÖÃȨÏÞ»ò¿É×¢Èë²»¿ÉÐÅJMSÅäÖõÄÇé¿öÏ£¬¿ÉÀûÓøÃ©¶´´¥·¢ÈÎÒâ´úÂëÖ´ÐУ¬½ø¶ø¿ØÖÆÓ¦Ó÷þÎñ¡¢ÇÔÈ¡Ãô¸ÐÊý¾Ý»òºáÏòÉøÍ¸ÄÚ²¿ÏµÍ³¡£¸ÃÎÊÌâÖ÷ÒªÓ°ÏìÆôÓÃJMS´«Ê书ÄܵÄCXF·þÎñ»·¾³£¬¿ÉÄܵ¼ÖÂÒµÎñÖжϡ¢Êý¾Ýй¶¼°ºÏ¹æ·çÏÕ£¬¶ÔÆóÒµSOA¼Ü¹¹¼°»ùÓÚWeb ServicesµÄÒµÎñϵͳ°²È«Ôì³ÉÓ°Ïì¡£
¶þ¡¢Ó°Ï췶Χ
4.0.0 <= Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 4.1.6
4.2.0 <= Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 4.2.1
Apache CXF(org.apache.cxf:cxf-rt-transports-jms) < 3.6.11
Èý¡¢°²È«´ëÊ©
3.1 Éý¼¶°æ±¾
¹Ù·½ÒÑ·¢²¼ÐÞ¸´²¹¶¡£¬ÒÔÐÞ¸´¸Ã©¶´¡£
Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 3.6.11
Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 4.1.6
Apache CXF(org.apache.cxf:cxf-rt-transports-jms) >= 4.2.1
ÏÂÔØÁ´½Ó£º
https://cxf.apache.org/download.html/
3.2 ÁÙʱ´ëÊ©
ÔÝÎÞ¡£
3.3 ͨÓý¨Òé
¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ²ßÂÔ£¬¹Ø±Õ·Ç±ØÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©±©Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫÐÔÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖÆºÍ×îСȨÏÞÔÔò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏÞ¶È¡£
ÆôÓÃÇ¿ÃÜÂë²ßÂÔ²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£
3.4 ²Î¿¼Á´½Ó
https://lists.apache.org/thread/bqg6gjy2cx7rfyqjxcpv3jwjvmclvz4o/
https://nvd.nist.gov/vuln/detail/CVE-2026-44417


¾©¹«Íø°²±¸11010802024551ºÅ