CVE-2017-5653

medium Apache
CVSS v3 Base Score
5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
3.2%
Exploitation probability in 30 days
Top 13% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
None
Published: April 18, 2017 (3313 days ago)
Last Modified: May 13, 2026
Vendor: Apache
Source: NVD

Description

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

CWE

CWE-295

Affected Products

apache cxf

References

🔗 cxf.apache.org 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 access.redhat.com 🔗 lists.apache.org