CVE-2017-7662
CVE-2017-7662 is a vulnerability of currently unknown severity (no CVSS score is listed for it). It is a Cross-Site Request Forgery (CSRF) issue in the Client Registration Service of the OpenID Connect (OIDC) service that ships with Apache CXF Fediz. EPSS estimates a 1.14% chance of exploitation in the next 30 days.
Description
Apache CXF Fediz ships with an OpenID Connect (OIDC) service that includes a Client Registration Service, a simple web application for creating, deleting and otherwise managing clients. A Cross-Site Request Forgery (CSRF) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2: a malicious web application could create new clients, reset client secrets, and so on, while the admin user is logged on to the Client Registration Service and the session is still active.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | CXF Fediz | <= 1.3.2 |
| Apache | CXF Fediz | 1.4.0 |
References
- http://cxf.apache.org/security-advisories.data/CVE-2017-7662.txt.asc (Patch, Vendor Advisory)
Source: NVD / NIST
