High severity7.5NVD Advisory· Published Aug 10, 2017· Updated May 13, 2026

CVE-2017-3156

Description

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.cxf.karaf:apache-cxfMaven	< 3.0.13	3.0.13
org.apache.cxf.karaf:apache-cxfMaven	>= 3.1.0, < 3.1.10	3.1.10

Affected products

Apache/Cxf11 versions
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*range: <=3.0.12
- cpe:2.3:a:apache:cxf:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:3.1.9:*:*:*:*:*:*:*
Apache Software Foundation/Apache CXFv5
Range: prior to 3.0.13

Patches

555843f

Doing a better bytes comparison in some of JAXRS OAuth2/Jose code

https://github.com/apache/cxfSergey BeryozkinDec 30, 2016via ghsa

commit

3 files changed · +6 −6

rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java+2 −2 modified

@@ -18,8 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import java.security.MessageDigest;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
 
 import javax.crypto.spec.IvParameterSpec;
 
@@ -56,7 +56,7 @@ protected void validateAuthenticationTag(JweDecryptionInput jweDecryptionInput,
                                                            jweDecryptionInput.getDecodedJsonHeaders());
         macState.mac.update(jweDecryptionInput.getEncryptedContent());
         byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
+        if (!MessageDigest.isEqual(actualAuthTag, expectedAuthTag)) {
             LOG.warning("Invalid authentication tag");
             throw new JweException(JweException.Error.CONTENT_DECRYPTION_FAILURE);
         }

rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java+2 −2 modified

@@ -18,8 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.MessageDigest;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
@@ -53,7 +53,7 @@ public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, Signatu
     @Override
     public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) {
         byte[] expected = computeMac(headers, unsignedText);
-        return Arrays.equals(expected, signature);
+        return MessageDigest.isEqual(expected, signature);
     }
     
     private byte[] computeMac(JwsHeaders headers, String text) {

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java

+2 −2 modified

@@ -19,7 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
 import java.net.URI;
-import java.util.Arrays;
+import java.security.MessageDigest;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -78,7 +78,7 @@ public AccessTokenValidation validateAccessToken(MessageContext mc,
                                                          
             String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
             byte[] clientMacData = Base64Utility.decode(clientMacString);
-            boolean validMac = Arrays.equals(serverMacData, clientMacData);
+            boolean validMac = MessageDigest.isEqual(serverMacData, clientMacData);
             if (!validMac) {
                 AuthorizationUtils.throwAuthorizationFailure(Collections
                     .singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));

1338469

Doing a better bytes comparison in some of JAXRS OAuth2/Jose code

https://github.com/apache/cxfSergey BeryozkinDec 30, 2016via ghsa

commit

3 files changed · +6 −6

rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/AesCbcHmacJweDecryption.java+2 −2 modified

@@ -18,8 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jwe;
 
+import java.security.MessageDigest;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
 
 import javax.crypto.spec.IvParameterSpec;
 
@@ -56,7 +56,7 @@ protected void validateAuthenticationTag(JweDecryptionInput jweDecryptionInput,
                                                            jweDecryptionInput.getDecodedJsonHeaders());
         macState.mac.update(jweDecryptionInput.getEncryptedContent());
         byte[] expectedAuthTag = AesCbcHmacJweEncryption.signAndGetTag(macState);
-        if (!Arrays.equals(actualAuthTag, expectedAuthTag)) {
+        if (!MessageDigest.isEqual(actualAuthTag, expectedAuthTag)) {
             LOG.warning("Invalid authentication tag");
             throw new JweException(JweException.Error.CONTENT_DECRYPTION_FAILURE);
         }

rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/HmacJwsSignatureVerifier.java+2 −2 modified

@@ -18,8 +18,8 @@
  */
 package org.apache.cxf.rs.security.jose.jws;
 
+import java.security.MessageDigest;
 import java.security.spec.AlgorithmParameterSpec;
-import java.util.Arrays;
 import java.util.logging.Logger;
 
 import org.apache.cxf.common.logging.LogUtils;
@@ -53,7 +53,7 @@ public HmacJwsSignatureVerifier(byte[] key, AlgorithmParameterSpec spec, Signatu
     @Override
     public boolean verify(JwsHeaders headers, String unsignedText, byte[] signature) {
         byte[] expected = computeMac(headers, unsignedText);
-        return Arrays.equals(expected, signature);
+        return MessageDigest.isEqual(expected, signature);
     }
     
     private byte[] computeMac(JwsHeaders headers, String text) {

rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/tokens/hawk/AbstractHawkAccessTokenValidator.java

+2 −2 modified

@@ -19,7 +19,7 @@
 package org.apache.cxf.rs.security.oauth2.tokens.hawk;
 
 import java.net.URI;
-import java.util.Arrays;
+import java.security.MessageDigest;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -78,7 +78,7 @@ public AccessTokenValidation validateAccessToken(MessageContext mc,
                                                          
             String clientMacString = schemeParams.get(OAuthConstants.HAWK_TOKEN_SIGNATURE);
             byte[] clientMacData = Base64Utility.decode(clientMacString);
-            boolean validMac = Arrays.equals(serverMacData, clientMacData);
+            boolean validMac = MessageDigest.isEqual(serverMacData, clientMacData);
             if (!validMac) {
                 AuthorizationUtils.throwAuthorizationFailure(Collections
                     .singleton(OAuthConstants.HAWK_AUTHORIZATION_SCHEME));

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.005
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000