JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-04-18T16:00:00

Updated: 2024-08-05T15:11:48.424Z

Reserved: 2017-01-29T00:00:00

Link: CVE-2017-5653

Vulnrichment

No data.

NVD

Status: Modified

Published: 2017-04-18T16:59:00.150

Modified: 2024-11-21T03:28:06.917

Link: CVE-2017-5653

Redhat

Severity: Moderate

Public Date: 2017-03-27T00:00:00Z

Links: CVE-2017-5653 - Bugzilla