CVE-2017-7662
HIGHApache CXF Fediz <1.4.0-1.3.2 - CSRF
Title source: llmDescription
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
Exploits (2)
nomisec
WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2017-7662-cxf-fediz-vulnerable
nomisec
WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2017-7662-cxf-fediz-vulnerable
References (8)
Scores
CVSS v3
8.8
EPSS
0.0099
EPSS Percentile
76.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-352
Status
published
Products (4)
apache/cxf_fediz
1.4.0
apache/cxf_fediz
< 1.3.2
Apache Software Foundation/Apache CXF Fediz
prior to 1.4.0, 1.3.2 and 1.2.4.
org.apache.cxf.fediz/fediz-oidc
0 - 1.3.2Maven
Published
May 16, 2017
Tracked Since
Feb 18, 2026