Lucene search
K
ApacheCxf Fediz

6 matches found

CVE
CVE
added 2018/07/05 1:0 p.m.86 views

CVE-2018-8038

CVE-2018-8038 affects Apache CXF Fediz prior to 1.4.4, where Document Type Declarations (DTDs) are not fully disabled when parsing Identity Provider responses (in application plugins) or in the IdP for certain XML parameters. Connected sources reinforce that the underlying issue is DTD handling a...

7.5CVSS7.4AI score0.1073EPSS
CVE
CVE
added 2017/11/30 2:0 p.m.79 views

CVE-2017-12631

CVE-2017-12631 affects Apache CXF Fediz WS-Federation plugins (Spring 2, 3, 4). The root cause is a CSRF vulnerability that can cause a security context to be established using a malicious client’s roles for the end user. Affected components are the Fediz Spring plugins in versions before 1.4.3 a...

8.8CVSS8.6AI score0.01609EPSS
CVE
CVE
added 2017/06/07 8:0 p.m.73 views

CVE-2015-5175

The CVE-2015-5175 issue affects Apache CXF Fediz application plugins. Versions prior to 1.1.3 and 1.2.x prior to 1.2.1 are vulnerable to a remote DoS attack. The vulnerability is triggered by specially crafted requests, allowing remote attackers to cause denial of service. The DoS impact is descr...

7.5CVSS7.4AI score0.10897EPSS
CVE
CVE
added 2017/05/16 5:0 p.m.72 views

CVE-2017-7661

CVE-2017-7661 affects Apache CXF Fediz container-specific WS-Federation plugins (Spring 2, Spring 3, Jetty 8, Jetty 9) in CXF Fediz prior to versions 1.4.0, 1.3.2, and 1.2.4. The issue is described as a CSRF‑style vulnerability. The connected documents confirm the affected plugins and versions bu...

8.8CVSS8.6AI score0.01104EPSS
CVE
CVE
added 2017/05/16 5:0 p.m.70 views

CVE-2017-7662

Apache CXF Fediz’s OpenID Connect Client Registration Service is vulnerable to CSRF in versions prior to 1.4.0 and 1.3.2. A malicious web app could create new clients or reset secrets after an admin logs in and the session remains active. The connected sources corroborate the same description acr...

8.8CVSS8.6AI score0.01136EPSS
CVE
CVE
added 2016/09/21 6:0 p.m.69 views

CVE-2016-4464

CVE-2016-4464 affects Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1. The issue is a mismatch between SAML AudienceRestriction values and configured audience URIs, which may allow a remote attacker to bypass intended restrictions by presenting a crafted SAML token with a trusted signa...

9.8CVSS9.5AI score0.03986EPSS