Lack of Response Validation in JAX-RS XML Security Streaming Clients in Apache CXF

CVE-2017-5653 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
