Количество 2
Количество 2
CVE-2017-7662
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
GHSA-f5ch-36rg-vfcc
Cross-Site Request Forgery in Apache CXF Fediz
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-7662 Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. | CVSS3: 8.8 | 1% Низкий | больше 8 лет назад |
| GHSA-f5ch-36rg-vfcc Cross-Site Request Forgery in Apache CXF Fediz | CVSS3: 8.8 | 1% Низкий | больше 3 лет назад |
Уязвимостей на страницу