5
CVSSv2

CVE-2017-5653

Published: 18/04/2017 Updated: 16/01/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

JAX-RS XML Security streaming clients in Apache CXF prior to 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote malicious users to spoof servers.