Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications. A CSRF (Cross Style Request Forgery) style vulnerability has been found in the Spring 2, Spring 3, Jetty 8 and Jetty 9 plugins in Apache CXF Fediz before 1.4.0, 1.3.2 and 1.2.4.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cxf fediz |
||
apache cxf fediz 1.3.2 |
||
apache cxf fediz 1.2.4 |