Skip to main content

Cxf Fediz

6 CVEs product

Monthly

CVE-2018-8038 Maven HIGH PATCH This Week

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Cxf Fediz
NVD GitHub
CVSS 3.0
7.5
EPSS
10.7%
CVE-2017-12631 Maven HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2015-5175 Maven HIGH PATCH Act Now

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Apache Cxf Fediz
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2017-7662 Maven HIGH PATCH This Week

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-7661 Maven HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache Cxf Fediz
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-4464 Maven CRITICAL PATCH Act Now

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Cxf Fediz
NVD
CVSS 3.0
9.8
EPSS
2.1%
EPSS 11% CVSS 7.5
HIGH PATCH This Week

Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Cxf Fediz
NVD GitHub
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache +1
NVD
EPSS 14% CVSS 7.5
HIGH PATCH Act Now

Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.6%.

Denial Of Service Apache Cxf Fediz
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Apache Cxf Fediz
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Java Apache +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Authentication Bypass Cxf Fediz
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy