Vulnerabilities

CVE-2017-5656

by Fred · 18/04/2017

Apache CXF’s STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.

Date published : 2017-04-18

http://www.securityfocus.com/bid/97971

http://cxf.apache.org/security-advisories.data/CVE-2017-5656.txt.asc?version=1&modificationDate=1492515113282&api=v2

Similar

Tags: Cybersecurity Alert