CVE-2017-7661
published 2017-05-16CVE-2017-7661: Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style…
high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cxf_fediz | <= 1.4.0 | — |
| apache | cxf_fediz | — | — |
| apache | cxf_fediz | — | — |
| apache_software_foundation | apache_cxf_fediz | — | — |