Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2017-04-18T16:00:00
Updated: 2021-06-16T11:06:58
Reserved: 2017-01-29T00:00:00
Link: CVE-2017-5656
JSON object: View
NVD Information
Status : Modified
Published: 2017-04-18T16:59:00.197
Modified: 2023-11-07T02:49:30.030
Link: CVE-2017-5656
JSON object: View
Redhat Information
No data.
CWE