Description
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
References
- Patch, Vendor Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Issue Tracking
- Patch, Vendor Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory, VDB Entry
- Issue Tracking
Vulnerable configurations
Configuration 1
Version from 3.0.0 (inclusive) to 3.0.13 (inclusive)
Version from 3.1.0 (inclusive) to 3.1.11 (inclusive)
One of
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
EPSS: 0.03167 (Low), percentile: 87%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 6.5
redhat
almost 9 years ago
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.