Search for packages
Package details: pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.2
purl pkg:maven/org.apache.cxf/cxf-rt-ws-security@3.0.2
Next non-vulnerable version 3.0.13
Latest non-vulnerable version 3.1.11
Risk 4.5
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-a56m-3xft-aaap
Aliases:
CVE-2017-5656
GHSA-v936-x3j5-c76j
Session Fixation Apache CXF's STSClient uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
3.0.13
Affected by 0 other vulnerabilities.
3.1.11
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T13:53:47.618101+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 36.1.3
2025-06-20T13:53:46.489293+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 36.1.3
2025-06-03T20:45:39.768275+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 36.1.0
2025-06-03T20:45:38.623990+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 36.1.0
2025-06-02T20:25:15.847067+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 36.1.2
2025-06-02T20:25:14.652879+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 36.1.2
2025-04-03T16:37:48.925808+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 36.0.0
2025-04-03T16:37:47.267718+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 36.0.0
2025-02-17T22:46:10.604038+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 35.1.0
2025-02-17T22:46:10.190565+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 35.1.0
2024-11-20T22:11:01.071468+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 35.0.0
2024-11-18T22:07:02.852806+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.3.2
2024-10-07T23:07:15.873301+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.0.2
2024-09-22T23:21:57.272536+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.0.1
2024-04-24T01:14:18.130651+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 34.0.0rc4
2024-04-24T01:14:17.885654+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.0.0rc4
2024-01-10T03:43:07.201054+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 34.0.0rc2
2024-01-10T03:43:06.951216+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.0.0rc2
2024-01-03T20:19:58.471449+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap None 34.0.0rc1
2024-01-03T20:19:58.224281+00:00 GitLab Importer Affected by VCID-a56m-3xft-aaap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf/cxf-rt-ws-security/CVE-2017-5656.yml 34.0.0rc1