CVE-2017-5653

Summary

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache CXFprior to 3.0.13affected
Apache Software FoundationApache CXF3.1.x prior to 3.1.11affected

Weaknesses

  • XML Security streaming clients do not validate that the service response was secured.

ADP Enrichment

CVE Program Container

Additional References

References