0.003 Low
EPSS
Percentile
71.3%
It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message.
cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc
bugzilla.redhat.com/show_bug.cgi?id=1445327