mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
100 lines
4.4 KiB
JSON
100 lines
4.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "security@apache.org",
|
|
"ID": "CVE-2017-5653",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Apache CXF",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "prior to 3.0.13"
|
|
},
|
|
{
|
|
"version_value": "3.1.x prior to 3.1.11"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Apache Software Foundation"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "XML Security streaming clients do not validate that the service response was secured."
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2017:1832",
|
|
"refsource": "REDHAT",
|
|
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
|
|
},
|
|
{
|
|
"name": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://cxf.apache.org/security-advisories.data/CVE-2017-5653.txt.asc?version=1&modificationDate=1492515074710&api=v2"
|
|
},
|
|
{
|
|
"name": "1038279",
|
|
"refsource": "SECTRACK",
|
|
"url": "http://www.securitytracker.com/id/1038279"
|
|
},
|
|
{
|
|
"name": "97968",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/97968"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
|
|
"url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
|
|
"url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
|
|
"url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"
|
|
},
|
|
{
|
|
"refsource": "MLIST",
|
|
"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
|
|
"url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
|
|
}
|
|
]
|
|
}
|
|
} |