75 matches found
EUVD-2018-0594
Malware in sbrugna...
org.apache.camel.maven:camel-servicenow-maven-plugin (>=3.21.0 <=3.22.4), org.apache.camel.springboot:camel-servicenow-starter (>=3.21.0 <=3.22.4) +21 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=3.6.0 <=3.6.3)
org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =3.6.0, =3.21.0, =3.21.0, =3.21.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.10 and more Source cves: CVE-2024-32007 Source advisory: OSV:GHSA-6PFF-FMH2-4MMF...
org.apache.cxf.fediz.systests.federation:fediz-systests-federation-samlIdpWebapp (>=1.2.0 <=1.2.4), org.apache.cxf.fediz:fediz-idp (>=1.2.0 <=1.2.4) +2 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.0.0 <=3.0.6)
org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.0.0, =1.2.0, =1.2.0, =3.0.5, =3.0.0, =3.0.16 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...
Cross-Site Request Forgery in Apache CXF Fediz
Apache CXF Fediz ships with an OpenID Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz...
org.apache.cxf.fediz:apache-fediz (=1.3.1) potentially affected by CVE-2017-7662 via org.apache.cxf.fediz:fediz-oidc (=1.3.1)
org.apache.cxf.fediz:fediz-oidc MAVEN version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-oidc and may be impacted: - org.apache.cxf.fediz:apache-fediz =1.3.1 Source cves: CVE-2017-7662 Source advisory:...
GHSA-F5CH-36RG-VFCC Cross-Site Request Forgery in Apache CXF Fediz
Apache CXF Fediz ships with an OpenID Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz...
org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring3 (>=1.4.0 <=1.4.2), org.apache.cxf.fediz:apache-fediz (>=1.4.1 <=1.4.2) potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring3 (>=1.4.0 <=1.4.2)
org.apache.cxf.fediz:fediz-spring3 MAVEN version =1.4.0, =1.4.0, =1.4.1, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
GHSA-FV7X-4HPC-HF9F Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...
org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.4.0 <=1.4.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.4.0 <=1.4.2) +4 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.4.0 <=1.4.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (>=1.3.0 <=1.3.2), org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.1.0 <=1.3.2) +6 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring (>=1.1.0 <=1.3.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.1.0, =1.3.0, =1.1.0, =1.1.0, =1.2.0, =1.2.0, =1.1.0, =1.1.0, =1.1.0, =1.3.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.1.0 <=1.3.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.2.0 <=1.3.2) +2 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring2 (>=1.1.0 <=1.3.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.1.0, =1.1.0, =1.2.0, =1.1.0, =1.1.0, =1.3.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.4.0 <=1.4.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.4.0 <=1.4.2) +1 more potentially affected by CVE-2017-12631 via org.apache.cxf.fediz:fediz-spring2 (>=1.4.0 <=1.4.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.2 Source cves: CVE-2017-12631 Source advisory: OSV:GHSA-FV7X-4HPC-HF9F...
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3 and Spring 4 plugins in versions before 1.4.3 and 1.3.3. The vulnerability can result in a...
org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (=1.3.0), org.apache.cxf.fediz.examples:springPreauthWebapp (=1.3.0) +4 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (=1.3.0)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring and may be impacted: - org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp =1.3.0 -...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.2.0 <=1.2.2) +1 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring2 (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
GHSA-QPWJ-MVV7-V3M9 High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token...
org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token...
org.apache.cxf.fediz.examples:spring2Webapp (=1.3.0), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (=1.3.0) +1 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring2 (=1.3.0)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring2 and may be impacted: - org.apache.cxf.fediz.examples:spring2Webapp =1.3.0 -...
org.apache.cxf.fediz.examples.simpleWebapp:simpleWebapp (>=1.0.1 <=1.0.2), org.apache.cxf.fediz.examples.wsclientWebapp:webapp (>=1.0.3 <=1.1.2) +18 more potentially affected by CVE-2015-5175 via org.apache.cxf.fediz:fediz-core (>=1.0.0 <=1.1.2)
org.apache.cxf.fediz:fediz-core MAVEN version =1.0.0, =1.0.1, =1.0.3, =1.0.1, =1.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.0.0, =1.1.0, =1.1.2 and more Source cves: CVE-2015-5175 Source advisory: OSV:GHSA-3357-829X-M9PR...