CVE-2017-7661

high

Apache

CVSS v3 Base Score

8.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

0.9%

Exploitation probability in 30 days

Top 24% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: May 16, 2017 (3285 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.

CWE

CWE-352

Affected Products

apache cxf fediz

References

🔗 cxf.apache.org 🔗 www.securitytracker.com 🔗 lists.apache.org 🔗 lists.apache.org 🔗 lists.apache.org

CVE-2017-7661

Vulnerability Report

Description

CWE

Affected Products

References