CVE-2017-5653

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-5653
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-5653.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-5653
Aliases
Published
2017-04-18T16:59:00Z
Modified
2024-10-12T02:46:56.393241Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

References

Affected packages

Git / github.com/apache/cxf

Affected ranges

Affected versions

cxf-3.*

cxf-3.0.0
cxf-3.0.1
cxf-3.0.10
cxf-3.0.11
cxf-3.0.12
cxf-3.0.13
cxf-3.0.2
cxf-3.0.3
cxf-3.0.4
cxf-3.0.5
cxf-3.0.6
cxf-3.0.7
cxf-3.0.8
cxf-3.0.9
cxf-3.1.0
cxf-3.1.1
cxf-3.1.10
cxf-3.1.11
cxf-3.1.2
cxf-3.1.3
cxf-3.1.4
cxf-3.1.5
cxf-3.1.6
cxf-3.1.7
cxf-3.1.8
cxf-3.1.9