Exploitation Summary
EIP tracks 2 public exploits for CVE-2017-7662. PoCs published by dawetmaster, andikahilmy.
AI-analyzed exploit summary This repository contains vulnerable code from Apache CXF Fediz, specifically demonstrating CVE-2017-7662, which involves improper handling of security tokens. The provided Java files include examples of federation services that process and display user claims and tokens, which could be exploited for unauthorized access or information disclosure.
Description
Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.
Exploits (2)
This repository contains vulnerable code from Apache CXF Fediz, specifically demonstrating CVE-2017-7662, which involves improper handling of security tokens. The provided Java files include examples of federation services that process and display user claims and tokens, which could be exploited for unauthorized access or information disclosure.
This repository contains vulnerable code from Apache CXF Fediz, demonstrating CVE-2017-7662, which involves improper handling of SAML tokens leading to authentication bypass. The provided Java files include vulnerable FederationService implementations that process SAML tokens without proper validation.
References (8)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H