Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
{
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"cpe": [
"cpe:2.3:a:apache:cxf_fediz:*:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:cxf_fediz:1.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:apache:cxf_fediz:1.3.2:*:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "1.4.0"
},
{
"introduced": "1.2.4"
},
{
"last_affected": "1.2.4"
},
{
"introduced": "1.3.2"
},
{
"last_affected": "1.3.2"
}
]
}