Lucene search

GoogleOSV:CVE-2017-5653

HistoryApr 18, 2017 - 4:59 p.m.

CVE-2017-5653

2017-04-1816:59:00

Google

osv.dev

6.8 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.2%

JSON

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

CPENameOperatorVersion
cxfeqcxf-3.1.2
cxfeqcxf-3.0.3
cxfeqcxf-3.1.3
cxfeqcxf-3.1.7
cxfeqcxf-3.0.6
cxfeqcxf-3.0.1
cxfeqcxf-3.0.9
cxfeqcxf-3.1.0
cxfeqcxf-3.0.7
cxfeqcxf-3.1.4

Name	Operator	Version
cxf	eq	cxf-3.1.2
cxf	eq	cxf-3.0.3
cxf	eq	cxf-3.1.3
cxf	eq	cxf-3.1.7
cxf	eq	cxf-3.0.6
cxf	eq	cxf-3.0.1
cxf	eq	cxf-3.0.9
cxf	eq	cxf-3.1.0
cxf	eq	cxf-3.0.7
cxf	eq	cxf-3.1.4

Rows per page:

1-10 of 261

References

cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2

www.securityfocus.com/bid/97968

www.securitytracker.com/id/1038279

access.redhat.com/errata/RHSA-2017:1832

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E