CVE-2017-5656

2017-04-25T13:49:13
ID RH:CVE-2017-5656
Type redhatcve
Reporter redhat.com
Modified 2021-10-13T17:27:32

Description

It was found that the token cacher in Apache CXF uses a flawed method of caching tokens that are associated with the delegation token received from the Security Token Service (STS). This vulnerability could allow an attacker to craft a token that returns an identifier corresponding to a cached token for another user.