VYPR
High severity 7.5 · NVD Advisory · Published Apr 18, 2017 · Updated Jun 17, 2026

CVE-2017-5656

Description

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifier corresponding to a cached token for another user.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
| --- | --- | --- | --- |
| org.apache.cxf:cxf-core | Maven | >= 3.1.0, < 3.1.11 | 3.1.11 |
| org.apache.cxf:cxf-core | Maven | < 3.0.13 | 3.0.13 |
