CVE-2017-5656 is a vulnerability in Apache CXF
Published on April 18, 2017

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2017-5656

Want to know whenever a new CVE is published for Apache CXF? stack.watch will email you.

Apache CXF

Affected Versions

Apache Software Foundation Apache CXF:

Version 3.1.x before 3.1.11 is affected.
Version versions before 3.0.13 is affected.

Exploit Probability

EPSS

3.80%

Percentile

87.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-5656 is a vulnerability in Apache CXFPublished on April 18, 2017

Products Associated with CVE-2017-5656

Affected Versions

Exploit Probability

CVE-2017-5656 is a vulnerability in Apache CXF
Published on April 18, 2017