Vulnerabilities > Apache > CXF > 3.1.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-18 | CVE-2017-5656 | Session Fixation vulnerability in Apache CXF Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. | 7.5 |
| 2017-04-18 | CVE-2017-5653 | Improper Certificate Validation vulnerability in Apache CXF JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | 5.3 |