Lucene search
K

9 matches found

RedHat Linux
RedHat Linux
added 2020/07/29 6:21 a.m.4 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/07/23 7:3 a.m.3 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/11 9:3 a.m.3 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/06/11 7:9 a.m.2 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/11 8:17 p.m.2 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/05/11 8:12 p.m.4 views

cxf: OpenId Connect token service does not properly validate the clientId

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS7.3AI score0.0606EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/01/31 6:39 p.m.36 views

CVE-2019-12423

Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore JKS/PKCS12 by specifing the...

7.5CVSS0.9AI score0.0606EPSS
Exploits0References3
Veracode
Veracode
added 2020/01/17 6:19 a.m.24 views

Information Disclosure

An attacker is able to obtain the private keys from a JWK keystore file by setting the configuration parameter rs.security.keystore.type to jwk...

7.5CVSS1.4AI score0.0606EPSS
Exploits0References16Affected Software82
CVE
CVE
added 2020/01/16 5:42 p.m.184 views

CVE-2019-12423

CVE-2019-12423 affects Apache CXF OpenId Connect JWK Keys service. When rs.security.keystore.type is set to “jwk”, the service may return all keys from the JWK file, potentially exposing private/secret key credentials if present, though newer CXF releases restrict to the key with the matching ali...

7.5CVSS7.2AI score0.0606EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder