Lucene search
Redhat.comRH:CVE-2017-3156HistoryFeb 21, 2017 - 1:48 p.m.
CVE-2017-3156
2017-02-2113:48:16
redhat.com
access.redhat.com
7
0.003 Low
EPSS
Percentile
68.8%
It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is not using a constant time MAC signature comparison algorithm which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk or JWT access tokens or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms.
Related
github
github
Covert Timing Channel in Apache CXF
2022-05-13 01:09:21
osv
osv
Covert Timing Channel in Apache CXF
2022-05-13 01:09:21
CVE-2017-3156
2017-08-10 18:29:00
prion
prion
Code injection
2017-08-10 18:29:00
ibm
ibm
cvelist
cvelist
CVE-2017-3156
2017-02-20 00:00:00
nvd
nvd
CVE-2017-3156
2017-08-10 18:29:00
veracode
veracode
Timing Attacks
2017-02-23 08:56:32
cve
cve
CVE-2017-3156
2017-08-10 18:29:00
fedora
fedora
[SECURITY] Fedora 25 Update: cxf-3.1.6-5.fc25
2017-03-02 01:22:29
openvas
openvas
Fedora Update for cxf FEDORA-2017-d62c8f91e4
2017-03-02 00:00:00
nessus
nessus
Fedora 25 : 1:cxf (2017-d62c8f91e4)
2017-03-03 00:00:00
redhat
redhat