VYPR
High severity (8.8) · NVD Advisory · Published May 16, 2017 · Updated Jun 17, 2026

CVE-2017-7662

Description

Apache CXF Fediz ships with an OpenID Connect (OIDC) service that includes a Client Registration Service, a simple web application through which clients can be created, deleted, and so on. A CSRF (Cross-Site Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2: while an admin user is logged on to the client registration service and the session is still active, a malicious web application visited in the same browser can cause requests that create new clients, reset client secrets, and the like.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                           Ecosystem   Affected versions   Patched versions
org.apache.cxf.fediz:fediz-oidc   Maven       < 1.3.2             1.3.2

Affected products (4)

  • Apache/Cxf Fediz (3 versions)
    • cpe:2.3:a:apache:cxf_fediz:*:*:*:*:*:*:*:* (range: <= 1.3.2)
    • cpe:2.3:a:apache:cxf_fediz:1.4.0:*:*:*:*:*:*:*
    • (no CPE) range: prior to 1.4.0, 1.3.2 and 1.2.4.
