CVE-2017-5653

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-5653

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5653.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5653

Aliases

GHSA-hgg6-8x62-m9gf

Published

2017-04-18T16:59:00.150Z

Modified

2026-03-15T22:17:35.788264Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

References

Affected packages

Git / github.com/apache/cxf

Affected ranges

Type

GIT

Repo

https://github.com/apache/cxf

Events

Introduced

fd92c807e8773c363df37cfaf946971f5bac763b

Last affected

e58227cd53c8e4526bb3a75b37e4afdb7add6ddf

Introduced

a04a1e06f7fffc5f145e33c6832f31b04782516b

Last affected

df51c99d9a708974a124052bb965494797c22e8c

Database specific

{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.0.13"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "last_affected": "3.1.11"
        }
    ]
}

Affected versions

cxf-3.*

cxf-3.0.0

cxf-3.0.1

cxf-3.0.10

cxf-3.0.11

cxf-3.0.12

cxf-3.0.13

cxf-3.0.2

cxf-3.0.3

cxf-3.0.4

cxf-3.0.5

cxf-3.0.6

cxf-3.0.7

cxf-3.0.8

cxf-3.0.9

cxf-3.1.0

cxf-3.1.1

cxf-3.1.10

cxf-3.1.11

cxf-3.1.2

cxf-3.1.3

cxf-3.1.4

cxf-3.1.5

cxf-3.1.6

cxf-3.1.7

cxf-3.1.8

cxf-3.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5653.json"