4 matches found
cxf: CXF JAX-RS XML Security streaming clients do not validate that the service response was signed or encrypted
It was found that JAX-RS clients using the streaming approach for XML signatures and encryption do not enforce that the message is signed or encrypted. This could allow an attacker to subvert the integrity of the message...
Apache CXF Server Spoofing Vulnerability
Apache CXF is an open source Web services framework from the Apache Software Foundation in the United States. The framework supports a variety of Web services standards, a variety of front-end programming APIs, etc. JAX-RS XML Security streaming clients is one of the use of XML signatures and XML...
Code injection
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers...
CVE-2017-5653
CVE-2017-5653 affects Apache CXF JAX-RS XML Security streaming clients. The root cause is that these clients do not validate that the service response was signed or encrypted, enabling remote attackers to spoof servers. Affected: CXF versions prior to 3.1.11 and 3.0.13. Impact (per public records...