Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2017-04-18T16:00:00

Updated: 2024-08-05T15:11:48.432Z

Reserved: 2017-01-29T00:00:00

Link: CVE-2017-5656

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-04-18T16:59:00.197

Modified: 2024-11-21T03:28:07.297

Link: CVE-2017-5656

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-04-05T00:00:00Z

Links: CVE-2017-5656 - Bugzilla