Cross-Site Request Forgery in Apache CXF Fediz Client Registration Service
CVE-2017-7662

8.8HIGH

Key Information:

Vendor

Apache
Status
Apache Cxf Fediz
Vendor
CVE Published:
16 May 2017

What is CVE-2017-7662?

The Apache CXF Fediz Client Registration Service is prone to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables attackers to perform unauthorized actions such as creating new clients or resetting secrets while an admin user's session is still active. This vulnerability exists in versions of Apache CXF Fediz prior to 1.4.0 and 1.3.2, which can lead to significant security breaches if exploited.

Affected Version(s)

Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.

References

http://cxf.apache.org/security-advisories.data/CVE-2017-7...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038498
vdb-entryx_refsource_SECTRACK
https://lists.apache.org/thread.html/rc774278135816e7afc9...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.