Количество 3
Количество 3
CVE-2017-3156
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
CVE-2017-3156
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
GHSA-qc2p-q7x9-v64p
Covert Timing Channel in Apache CXF
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-3156 The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. | CVSS3: 5.3 | 13% Средний | почти 9 лет назад |
 | CVE-2017-3156 The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks. | CVSS3: 7.5 | 13% Средний | больше 8 лет назад |
| GHSA-qc2p-q7x9-v64p Covert Timing Channel in Apache CXF | CVSS3: 7.5 | 13% Средний | больше 3 лет назад |
Уязвимостей на страницу