Cross-Site Request Forgery (CSRF) Affecting org.apache.cxf.fediz:fediz-cxf package, versions [,1.3.2) [1.3.3, 1.4.0)


Severity: high
  • Attack Complexity: Low
  • User Interaction: Required
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • snyk-id: SNYK-JAVA-ORGAPACHECXFFEDIZ-32205
  • published: 15 Apr 2018
  • disclosed: 16 May 2017
  • credit: Unknown

How to fix?

Upgrade org.apache.cxf.fediz:fediz-cxf to version 1.3.2, 1.4.0 or higher.

Overview

org.apache.cxf.fediz:fediz-cxf is a package that helps you secure your web applications by delegating security enforcement to the underlying application server.

Affected versions of this package are vulnerable to Cross-Site Request Forgery (CSRF). While an admin user is logged on to the client registration service and the session is still active, a malicious web application could cause state-changing requests to be issued on the admin's behalf, for example creating new clients or resetting client secrets.
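To make the failure mode concrete, the following is an added example (not Fediz code, and not taken from the advisory) that models a session-authenticated client-registration endpoint in Python. The `register_vulnerable` handler trusts the session cookie alone, which a browser attaches to a form POST from any origin; the `register_hardened` handler additionally requires a same-origin `Origin`/`Referer` header and a per-session synchronizer token. The class and header names, `ALLOWED_ORIGIN`, and the request data are all constructed for this illustration.

```python
"""Constructed model of a client-registration endpoint, before and after CSRF hardening.
Every name here (ClientRegistry, ALLOWED_ORIGIN, JSESSIONID, csrf_token) is hypothetical."""
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the registration UI; only requests that a browser marks as
# coming from this origin may change state.
ALLOWED_ORIGIN = "https://idp.example.test"


@dataclass
class Session:
    user: str
    # One unguessable token per session, embedded in the legitimate form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    cookies: dict   # browser sends cookies regardless of which site built the form
    headers: dict   # Origin / Referer are set by the browser, not by the page
    form: dict      # POST body


def same_origin(headers):
    """Prefer Origin (sent on cross-site POSTs); fall back to a strict Referer prefix."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    referer = headers.get("Referer", "")
    return referer.startswith(ALLOWED_ORIGIN + "/")


class ClientRegistry:
    def __init__(self):
        self.sessions = {}   # session id -> Session
        self.clients = {}    # client id -> registration record

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = Session(user)
        return sid

    def _session(self, req):
        return self.sessions.get(req.cookies.get("JSESSIONID"))

    def register_vulnerable(self, req):
        """Before: a valid session cookie is the only check, so a forged cross-site
        form POST made while the admin is logged in creates a client."""
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 401, "not authenticated"
        return self._create(sess, req.form)

    def register_hardened(self, req):
        """After: same checks plus origin validation and a synchronizer token."""
        sess = self._session(req)
        if req.method != "POST" or sess is None:
            return 401, "not authenticated"
        if not same_origin(req.headers):
            return 403, "cross-origin request rejected"
        token = req.form.get("csrf_token", "")
        # Constant-time comparison so the token cannot be recovered byte by byte.
        if not hmac.compare_digest(token, sess.csrf_token):
            return 403, "missing or invalid CSRF token"
        return self._create(sess, req.form)

    def _create(self, sess, form):
        client_id = secrets.token_hex(8)
        self.clients[client_id] = {
            "name": form["client_name"],
            "redirect_uri": form["redirect_uri"],
            "owner": sess.user,
            "secret": secrets.token_urlsafe(24),
        }
        return 201, client_id


def demo():
    """Replays one forged cross-site POST against both handlers; returns the status codes."""
    reg = ClientRegistry()
    sid = reg.login("admin")
    forged = Request("POST", {"JSESSIONID": sid},
                     {"Origin": "https://attacker.example"},            # constructed
                     {"client_name": "x", "redirect_uri": "https://attacker.example/cb"})
    return reg.register_vulnerable(forged)[0], reg.register_hardened(forged)[0]


if __name__ == "__main__":
    print(demo())  # vulnerable handler returns 201, hardened handler returns 403
```

The `Origin` check alone is already enough to stop the forged POST, but the token check stays in place for clients that omit both `Origin` and `Referer`; rejecting such requests outright is the conservative choice for a state-changing admin endpoint.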