← Back to CVE List

CVE-2017-7662

Published: 2017-05-16T17:29Z
Last Modified: 2024-11-21T03:32Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt