Lack of Response Validation in JAX-RS XML Security Streaming Clients in Apache CXF
CVE-2017-5653 · MEDIUM Severity
AV:N/AC:L/Au:N/C:N/I:P/A:N
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.