Lucene search
K

37 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2018-0594

Malware in sbrugna...

8.8CVSS8.7AI score0.01609EPSS
Exploits3References21
OSV
OSV
added 2022/05/13 1:9 a.m.3 views

GHSA-F5CH-36RG-VFCC Cross-Site Request Forgery in Apache CXF Fediz

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.8CVSS6.9AI score0.01136EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/13 1:9 a.m.21 views

Cross-Site Request Forgery in Apache CXF Fediz

Apache CXF Fediz ships with an OpenId Connect OIDC service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF Cross Style Request Forgery style vulnerability has been found in this web application in Apache CXF Fediz...

8.8CVSS2.1AI score0.01136EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2018/10/18 4:57 p.m.34 views

Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF Cross Style Request Forgery style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...

8.8CVSS2.7AI score0.01609EPSS
Exploits3References13Affected Software3
OSV
OSV
added 2018/10/18 4:57 p.m.3 views

GHSA-QPWJ-MVV7-V3M9 High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token...

9.8CVSS6AI score0.03986EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2018/10/18 4:57 p.m.35 views

High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token...

9.8CVSS5.8AI score0.03986EPSS
Exploits0References13Affected Software2
OSV
OSV
added 2018/10/18 4:57 p.m.2 views

GHSA-3357-829X-M9PR Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks

Application plugins in Apache CXF Fediz prior to version 1.1.3 and 1.2.x prior to 1.2.1 allow remote attackers to create a denial of service...

7.5CVSS5.9AI score0.10897EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2018/10/18 4:57 p.m.31 views

Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks

Application plugins in Apache CXF Fediz prior to version 1.1.3 and 1.2.x prior to 1.2.1 allow remote attackers to create a denial of service...

7.5CVSS7.2AI score0.10897EPSS
Exploits0References14Affected Software2
Github Security Blog
Github Security Blog
added 2018/10/18 4:56 p.m.31 views

High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS2.7AI score0.1073EPSS
Exploits0References12Affected Software5
OSV
OSV
added 2018/10/18 4:56 p.m.1 views

GHSA-W3GH-G32M-CVHR High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7.1AI score0.1073EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2018/10/18 4:56 p.m.31 views

Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF Cross Style Request Forgery style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4...

8.8CVSS2AI score0.01104EPSS
Exploits0References10Affected Software3
Prion
Prion
added 2018/07/05 1:29 p.m.14 views

Design/Logic Flaw

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

5CVSS7.5AI score0.1073EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2018/07/05 1:29 p.m.14 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7.5AI score0.1073EPSS
Exploits0References10
OSV
OSV
added 2018/07/05 1:29 p.m.14 views

CVE-2018-8038

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations DTDs when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters...

7.5CVSS7AI score0.1073EPSS
Exploits0References10
CNVD
CNVD
added 2017/12/04 12:0 a.m.1 views

Apache CXF Fediz Spring plugin cross-site request forgery vulnerability

Apache CXF is the United States Apache Apache Software Foundation of an open source Web services framework. The framework supports a variety of Web services standards , a variety of front-end programming APIs , etc. Apache CXF Fediz is one of the sub-projects , mainly used to provide authenticati...

8.8CVSS7.1AI score0.01609EPSS
Exploits3References1
Prion
Prion
added 2017/11/30 2:29 p.m.15 views

Cross site request forgery (csrf)

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF Cross Style Request Forgery style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...

6.8CVSS8.6AI score0.01609EPSS
Exploits3References9Affected Software1
NVD
NVD
added 2017/11/30 2:29 p.m.32 views

CVE-2017-12631

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF Cross Style Request Forgery style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...

8.8CVSS8.7AI score0.01609EPSS
Exploits3References9
CVE
CVE
added 2017/11/30 2:0 p.m.79 views

CVE-2017-12631

CVE-2017-12631 affects Apache CXF Fediz WS-Federation plugins (Spring 2, 3, 4). The root cause is a CSRF vulnerability that can cause a security context to be established using a malicious client’s roles for the end user. Affected components are the Fediz Spring plugins in versions before 1.4.3 a...

8.8CVSS8.6AI score0.01609EPSS
Exploits3References9Affected Software1
NVD
NVD
added 2017/06/07 8:29 p.m.11 views

CVE-2015-5175

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service...

7.5CVSS7.4AI score0.10897EPSS
Exploits0References11
Prion
Prion
added 2017/06/07 8:29 p.m.13 views

Denial of service

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service...

5CVSS7.2AI score0.10897EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder