Количество 3
Количество 3
CVE-2017-5656
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
CVE-2017-5656
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
GHSA-v936-x3j5-c76j
Session Fixation in Apache CXF
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-5656 Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | CVSS3: 5.3 | 4% Низкий | почти 9 лет назад |
 | CVE-2017-5656 Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | CVSS3: 7.5 | 4% Низкий | почти 9 лет назад |
| GHSA-v936-x3j5-c76j Session Fixation in Apache CXF | CVSS3: 7.5 | 4% Низкий | больше 3 лет назад |
Уязвимостей на страницу