Apache CXF CVE-2017-5656 Information Disclosure Vulnerability



Apache CXF is prone to an information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.

The following versions are affected:

Apache CXF 3.0.x prior to 3.0.13
Apache CXF 3.1.x prior to 3.1.11

Information

Bugtraq ID: 97971
Class: Design Error
CVE: CVE-2017-5656

Remote: Yes
Local: No
Published: Apr 18 2017 12:00AM
Updated: Apr 18 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Apache Cxf 3.1.8
Apache Cxf 3.1.7
Apache Cxf 3.1.3
Apache Cxf 3.1.2
Apache Cxf 3.1.1
Apache Cxf 3.1
Apache Cxf 3.0.11
Apache Cxf 3.0.10
Apache Cxf 3.0.7
Apache Cxf 3.0.6
Apache Cxf 3.0.5
Apache Cxf 3.0.4
Apache Cxf 3.0.3
Apache Cxf 3.0.2
Apache Cxf 3.0.1


Not Vulnerable: Apache Cxf 3.1.11


Exploit


Attackers can exploit this issue using a browser or readily available tools.


Related Posts

Comments