4 matches found
com.domeke:basecore (>=1.0.0 <=1.0.4), com.eurodyn.qlack2.fuse:qlack2-fuse-workflow-runtime-impl (>=2.3.3 <=2.3.19) +408 more potentially affected by CVE-2017-5656 via org.apache.cxf:cxf-core (>=3.1.0 <=3.1.10)
org.apache.cxf:cxf-core MAVEN version =3.1.0, =1.0.0, =2.3.3, =1.0, =0.2, =0.2, =1.1.4-rc1, =1.0.1, =1.1.0.0, =1.1.0.0, =1.5.8.0 - com.reallifedeveloper:rld-common =1.3 - com.wichell:framework-config =1.0.0 - com.wichell:framework-core =1.0.0 - com.wichell:framework-dao =1.0.0 and more Source cve...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2017-5656
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user...
CVE-2017-5656
CVE-2017-5656: Apache CXF’s STSClient (before 3.1.11 and 3.0.13) caches delegation-related tokens in a flawed way, enabling an attacker to craft a token that resolves to a cached token identifier belonging to another user. This can bypass security restrictions. The provided documents confirm the...