CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-04-21 09:56:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2017/CVE-2017-7662.md
T
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

1.0 KiB
Raw Permalink Blame History

CVE-2017-7662

Description

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink