CVE-2017-7662
CVSS v3.0
8.8 (High)
CVSS v2.0
6.8 (Medium)
EPSS
0.14 % (51th)
Affected Products
1
Advisories
1
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
Weaknesses
- CWE-352
- Cross-Site Request Forgery (CSRF)
- CVE Status
- PUBLISHED
- CNA
- Apache Software Foundation
- Published Date
-
2017-05-16 17:29:00
(7 years ago) - Updated Date
-
2023-11-07 02:50:14
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...