NVD List

Id Name Description Reject CVSS Version CVSS Score Severity Pub Date Modified Date Actions
84696  CVE-2017-5653  JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.    Medium  2017-07-18  2017-07-10  View
84697  CVE-2017-5656  Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.    Medium  2017-07-18  2017-07-10  View
84698  CVE-2017-5659  Apache Traffic Server before 6.2.1 generates a coredump when there is a mismatch between content length and chunked encoding.    Medium  2017-07-18  2017-07-10  View
84699  CVE-2017-5661  In Apache FOP before 2.2, files lying on the filesystem of the server which uses FOP can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.    7.9  High  2017-05-07  2017-05-05  View
84700  CVE-2017-5662  In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable application is running. If the user is root a full compromise of the server - including confidential or sensitive files - would be possible. XXE can also be used to attack the availability of the server via denial of service as the references within a xml document can trivially trigger an amplification attack.    7.9  High  2017-07-18  2017-07-10  View

Page 16940 of 17672, showing 5 records out of 88360 total, starting on record 84696, ending on 84700

Actions