NVD

Id
86043  
Name
CVE-2017-7662  
Description
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-07-18  
Published
2017-05-16  
Modified Date
2017-07-07  
Seq
2017-7662  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
422634 86043 CVE-2017-0466 https://source.android.com/security/bulletin/2017-03-01  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
67775 JVNDB-2017-004064 Apache CXF Fediz におけるクロスサイトリクエストフォージェリの脆弱性 Apache CXF Fediz には、クロスサイトリクエストフォージェリの脆弱性が存在します。 CVE-2017-7662 0 CVE-2017-7662 86043 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-004064.html 2017-05-16 2017-06-15 View