Apache CXF Fediz is prone to multiple cross-site request forgery (CSRF) vulnerabilities.
Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible.
Versions prior to Apache CXF Fediz 1.4.3 and 1.3.3 are vulnerable.
Information
Bugtraq ID: 102127
Class: Input Validation Error
CVE: CVE-2017-12631
Remote: Yes
Local: No
Published: Nov 30 2017 12:00AM
Updated: Dec 11 2017 03:11PM
Credit: The vendor reported these issues.
Vulnerable: Apache CXF Fediz 1.4.2
Apache CXF Fediz 1.4.1
Apache CXF Fediz 1.4
Apache CXF Fediz 1.3.2
Apache CXF Fediz 1.3.1
Apache CXF Fediz 1.3
Not Vulnerable: Apache CXF Fediz 1.4.3
Apache CXF Fediz 1.3.3
Exploit
Attackers can exploit these issues by enticing an unsuspecting victim to follow a malicious URI.
References: