CVE-2017-7662

high

Apache

CVSS v3 Base Score

8.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.0%

Exploitation probability in 30 days

Top 23% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

High

Integrity

High

Availability

High

Published: May 16, 2017 (3285 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

CWE

CWE-352

Affected Products

apache cxf fediz

References

🔗 cxf.apache.org 🔗 www.securitytracker.com 🔗 lists.apache.org 🔗 lists.apache.org 🔗 lists.apache.org

CVE-2017-7662

Vulnerability Report

Description

CWE

Affected Products

References