CVE-2017-12631
Published: Nov 30, 2017
Modified: Sep 16, 2024
PUBLISHED
Description
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a security context that is set up using a malicious client's roles for the given end user.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache CXF Fediz | affected: 1.4.x prior to 1.4.3; affected: prior to 1.3.3 |
References
- 1040487 (vdb-entry, x_refsource_SECTRACK)
- 102127 (vdb-entry, x_refsource_BID)
- [cxf-user] 20171130 Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631 (mailing-list, x_refsource_MLIST)