CVE-2017-7661
HIGH
Apache CXF Fediz <1.4.0-1.2.4 - CSRF
Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.
Exploits (2)
nomisec
WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-7661-cxf-fediz-vulnerable
nomisec
WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-7661-cxf-fediz-vulnerable
Scores
CVSS v3
8.8
EPSS
0.0092
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (7)
apache/cxf_fediz
1.2.4
apache/cxf_fediz
1.3.2
apache/cxf_fediz
< 1.4.0
Apache Software Foundation/Apache CXF Fediz
prior to 1.4.0, 1.3.2 and 1.2.4.
org.apache.cxf.fediz/fediz-jetty8
0 - 1.3.2 (Maven)
org.apache.cxf.fediz/fediz-jetty9
0 - 1.3.2 (Maven)
org.apache.cxf.fediz/fediz-spring2
1.3.0 - 1.3.2 (Maven)
Published
May 16, 2017
Tracked Since
Feb 18, 2026