PT-2017-17868 · Apache · Apache Cxf Fediz

Publicado

2017-05-16

Atualizado

2022-05-13

CVE-2017-7662

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache CXF Fediz versions prior to 1.4.0 Apache CXF Fediz versions prior to 1.3.2

Description A Cross-Site Request Forgery (CSRF) style issue has been found in the OpenId Connect (OIDC) service's Client Registration Service of Apache CXF Fediz. This allows a malicious web application to create new clients or reset secrets after an admin user has logged on to the client registration service and the session is still active.

Recommendations For versions prior to 1.4.0, update to version 1.4.0 or later. For versions prior to 1.3.2, update to version 1.3.2 or later.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

CVE-2017-7662

GHSA-F5CH-36RG-VFCC

Produtos afetados

Apache Cxf Fediz

PT-2017-17868 · Apache · Apache Cxf Fediz

CVE-2017-7662

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18