CVE-2017-7661

HIGH

Apache CXF Fediz <1.4.0-1.2.4 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-7661. PoCs published by dawetmaster and andikahilmy.

AI-analyzed exploit summary

This repository contains vulnerable code for CVE-2017-7661, an XXE vulnerability in Apache CXF Fediz. The provided Java servlets demonstrate the vulnerable components that allow XML External Entity (XXE) processing, which can lead to information disclosure or server-side request forgery (SSRF).

Note that this AI-generated summary (and the "authentication bypass" label on the second exploit entry) does not match the CVE's own classification as a CSRF issue (CWE-352) given in the Description and Details sections; check the repository contents against the CVE description before relying on either label.

Description

Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4.

Exploits (2)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-7661-cxf-fediz-vulnerable


Classification: Working PoC 90%
Attack type: XXE
Complexity: Moderate
Reliability: Reliable
Target: Apache CXF Fediz (versions prior to 1.4.0)
Authentication: none needed
Prerequisites: Network access to the vulnerable application · Ability to send crafted XML payloads
Analyzed by devstral-2, Mar 14, 2026
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-7661-cxf-fediz-vulnerable

This repository contains vulnerable code from Apache CXF Fediz, demonstrating CVE-2017-7661, which involves improper validation of SAML tokens leading to authentication bypass. The provided servlet examples show how claims and tokens are processed, highlighting the vulnerability in the token validation logic.

Classification: Working PoC 90%
Attack type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Apache CXF Fediz (versions prior to fix for CVE-2017-7661)
Authentication: none needed
Prerequisites: Access to a vulnerable Apache CXF Fediz instance · Ability to send crafted SAML tokens
Analyzed by devstral-2, Feb 18, 2026

Scores

CVSS v3: 8.8 (vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.0092 (percentile 76.6%)
Attack vector: NETWORK

Details

CWE: CWE-352
Status: published
Products (7):
apache/cxf_fediz 1.2.4
apache/cxf_fediz 1.3.2
apache/cxf_fediz < 1.4.0
Apache Software Foundation/Apache CXF Fediz prior to 1.4.0, 1.3.2 and 1.2.4
org.apache.cxf.fediz/fediz-jetty8 0 - 1.3.2 (Maven)
org.apache.cxf.fediz/fediz-jetty9 0 - 1.3.2 (Maven)
org.apache.cxf.fediz/fediz-spring2 1.3.0 - 1.3.2 (Maven)
Published: May 16, 2017
Tracked since: Feb 18, 2026