
5 matches found

vulnersOsv
added 2022/05/13 1:9 a.m., 4 views

org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.1.0 <=3.1.1) potentially affected by CVE-2017-3156 via org.apache.cxf.karaf:apache-cxf (>=3.1.0 <=3.1.1)

org.apache.cxf.karaf:apache-cxf MAVEN version =3.1.0, =3.1.0, =3.1.1 Source cves: CVE-2017-3156 Source advisory: OSV:GHSA-QC2P-Q7X9-V64P...

7.5 CVSS, 7.1 AI score, 0.06315 EPSS
Exploits: 0
vulnersOsv
added 2022/05/13 1:9 a.m., 4 views

com.savoirtech.aetos:aetos (>=1.5.6 <=3.0.2.3), io.fabric8.fab.tests:fab-itests (>=1.1.0.Beta1 <=1.2.0.Beta2) +32 more potentially affected by CVE-2017-3156 via org.apache.cxf.karaf:apache-cxf (>=2.7.10 <=3.0.12)

org.apache.cxf.karaf:apache-cxf MAVEN version =2.7.10, =1.5.6, =1.1.0.Beta1, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.7...

7.5 CVSS, 7.1 AI score, 0.06315 EPSS
Exploits: 0
IBM Security Bulletins
added 2018/06/17 3:45 p.m., 19 views

Security Bulletin: IBM Tivoli Network Manager IP Edition is affected by an Apache CXF vulnerability (CVE-2017-3156)

Summary: Vulnerability has been addressed in the Apache CXF component of Tivoli Network Manager IP Edition. Vulnerability Details: CVEID: CVE-2017-3156. DESCRIPTION: Apache CXF could provide weaker than expected security, caused by the failure to use the OAuth2 Hawk and JOSE MAC Validation code. A...

7.5 CVSS, 0.3 AI score, 0.06315 EPSS
Exploits: 0, Affected Software: 1
NVD
added 2017/08/10 6:29 p.m., 25 views

CVE-2017-3156

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...

7.5 CVSS, 7.4 AI score, 0.06315 EPSS
Exploits: 0, References: 9
Tenable Nessus
added 2017/03/03 12:0 a.m., 43 views

Fedora 25 : 1:cxf (2017-d62c8f91e4)

fix CVE-2017-3156 rhbz1425455,1425458 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVE...

7.5 CVSS, 7.5 AI score, 0.06315 EPSS
Exploits: 0, References: 2