CVE-2017-3156 is a vulnerability in Apache CXF
Published on August 10, 2017
The OAuth2 Hawk and JOSE MAC validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 does not use a constant-time MAC signature comparison algorithm, which may be exploited by sophisticated timing attacks.
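The difference between a variable-time and a constant-time MAC comparison, as an added example that is not Apache CXF code. The class name, method names, key and message are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class MacCompareExample {

    // Compute HMAC-SHA256 over the message with the shared key.
    static byte[] hmac(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    // Variable-time: returns at the first differing byte, so the run time
    // depends on how many leading bytes of the presented MAC are correct.
    // Arrays.equals and String.equals have the same early-exit shape.
    static boolean verifyVariableTime(byte[] expected, byte[] presented) {
        if (expected.length != presented.length) return false;
        for (int i = 0; i < expected.length; i++) {
            if (expected[i] != presented[i]) return false;
        }
        return true;
    }

    // Constant-time: MessageDigest.isEqual examines every byte regardless of
    // where the first mismatch is, so timing does not reveal its position.
    static boolean verifyConstantTime(byte[] expected, byte[] presented) {
        return MessageDigest.isEqual(expected, presented);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and message (assumptions, not from the advisory).
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "GET /resource ts=1 nonce=abc".getBytes(StandardCharsets.UTF_8);

        byte[] expected = hmac(key, msg);
        byte[] tampered = expected.clone();
        tampered[tampered.length - 1] ^= 0x01; // flip one bit in the last byte

        // Both functions agree on the result; only their timing behaviour differs.
        System.out.println("valid, variable-time:    " + verifyVariableTime(expected, expected));
        System.out.println("valid, constant-time:    " + verifyConstantTime(expected, expected));
        System.out.println("tampered, variable-time: " + verifyVariableTime(expected, tampered));
        System.out.println("tampered, constant-time: " + verifyConstantTime(expected, tampered));
    }
}
```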
Products Associated with CVE-2017-3156
Affected Versions
Apache Software Foundation Apache CXF:
- Version prior to 3.0.13 is affected.
- Version 3.1.x prior to 3.1.10 is affected.
Exploit Probability
EPSS: 13.07%
Percentile: 93.99%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.