CVE-2017-5653 is a vulnerability in Apache CXF
Published on April 18, 2017
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
Products Associated with CVE-2017-5653
Affected Versions
Apache Software Foundation Apache CXF:
- Versions prior to 3.0.13 are affected.
- Versions 3.1.x prior to 3.1.11 are affected.
Exploit Probability
EPSS: 3.17%
Percentile: 86.76%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.