5 matches found
org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.1.0 <=3.1.1) potentially affected by CVE-2017-3156 via org.apache.cxf.karaf:apache-cxf (>=3.1.0 <=3.1.1)
org.apache.cxf.karaf:apache-cxf MAVEN version =3.1.0, =3.1.0, =3.1.1 Source cves: CVE-2017-3156 Source advisory: OSV:GHSA-QC2P-Q7X9-V64P...
com.savoirtech.aetos:aetos (>=1.5.6 <=3.0.2.3), io.fabric8.fab.tests:fab-itests (>=1.1.0.Beta1 <=1.2.0.Beta2) +32 more potentially affected by CVE-2017-3156 via org.apache.cxf.karaf:apache-cxf (>=2.7.10 <=3.0.12)
org.apache.cxf.karaf:apache-cxf MAVEN version =2.7.10, =1.5.6, =1.1.0.Beta1, =0.0.1, =0.0.1, =0.0.6, =0.0.1, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.4, =0.0.7...
Security Bulletin: IBM Tivoli Network Manager IP Edition is affected by an Apache CXF vulnerability (CVE-2017-3156)
Summary: Vulnerability has been addressed in the Apache CXF component of Tivoli Network Manager IP Edition. Vulnerability Details: CVEID: CVE-2017-3156. DESCRIPTION: Apache CXF could provide weaker than expected security, caused by the failure to use the OAuth2 Hawk and JOSE MAC Validation code. A...
CVE-2017-3156
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks...
Fedora 25 : 1:cxf (2017-d62c8f91e4)
fix CVE-2017-3156 rhbz1425455,1425458 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.