PT-2017-17867 · Spring+2 · Spring+2

Publicado

2017-05-16

·

Atualizado

2021-06-16

·

CVE-2017-7661

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apache CXF Fediz versions prior to 1.4.0 Apache CXF Fediz versions prior to 1.3.2 Apache CXF Fediz versions prior to 1.2.4
Description A CSRF style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz. This issue affects the WS-Federation functionality for applications.
Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later. For versions prior to 1.3.2, update to version 1.3.2 or later. For versions prior to 1.2.4, update to version 1.2.4 or later.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2017-7661
GHSA-WHW7-H25V-9QVX

Produtos afetados

Apache Cxf Fediz
Jetty
Spring