Apache CXF Fediz CVE-2017-12631 Multiple Cross Site Request Forgery Vulnerabilities



Apache CXF Fediz is prone to multiple cross-site request-forgery vulnerabilities.

Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.

Versions prior to Apache CXF Fediz 1.4.3 and 1.3.3 are vulnerable.

Information

Bugtraq ID: 102127
Class: Input Validation Error
CVE: CVE-2017-12631

Remote: Yes
Local: No
Published: Nov 30 2017 12:00AM
Updated: Dec 11 2017 03:11PM
Credit: The vendor reported these issues.
Vulnerable: Apache CXF Fediz 1.4.2
Apache CXF Fediz 1.4.1
Apache CXF Fediz 1.4
Apache CXF Fediz 1.3.2
Apache CXF Fediz 1.3.1
Apache CXF Fediz 1.3


Not Vulnerable: Apache CXF Fediz 1.4.3
Apache CXF Fediz 1.3.3


Exploit


Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.

