QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-7662

Back to search

CVE-2017-7662

Published: May 16, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

VendorProductVersions

Apache Software Foundation

Apache CXF Fediz

affected
prior to 1.4.0, 1.3.2 and 1.2.4.

References

1038498
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now