History: Apr 18, 2017 - 4:00 p.m.

CVE-2017-5653

2017-04-18 16:00:00
apache
www.cve.org

AI Score: 5.2 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 71.2%)

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

CNA Affected

[
  {
    "product": "Apache CXF",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 3.0.13"
      },
      {
        "status": "affected",
        "version": "3.1.x prior to 3.1.11"
      }
    ]
  }
]
