8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-7662

GHSA ID

GHSA-f5ch-36rg-vfcc

EPSS Score

0.73924%

CWE

CWE-352

Published

5/13/2022

Updated

12/22/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-7662

CVE-2017-7662:
Cross-Site Request Forgery in Apache CXF Fediz

Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has a Client Registration Service, which is a simple web application that allows clients to be created, deleted, etc. A CSRF (Cross Style Request Forgery) style vulnerability has been found in this web application in Apache CXF Fediz prior to 1.4.0 and 1.3.2, meaning that a malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active.

(GitHub Advisory)

8.8

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-7662

GHSA ID

GHSA-f5ch-36rg-vfcc

EPSS Score

0.73924%

CWE

CWE-352

Published

5/13/2022

Updated

12/22/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.cxf.fediz:fediz-oidc	maven	< 1.3.2	1.3.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from missing CSRF protections in state-changing operations. The commit c68e482 shows these functions were modified to add CSRF token parameters (client_csrfToken) and validation checks. In vulnerable versions, these endpoints accepted POST requests without verifying the CSRF token, making them susceptible to forged requests when an admin session was active. The high confidence comes from direct evidence in the patch where CSRF validation was added to all these entry points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** *X* ***iz s*ips wit* *n Op*nI* *onn**t (OI**) s*rvi** w*i** **s * *li*nt R**istr*tion S*rvi**, w*i** is * simpl* w** *ppli**tion t**t *llows *li*nts to ** *r**t**, **l*t**, *t*. * *SR* (*ross Styl* R*qu*st *or**ry) styl* vuln*r**ility **s ***n

Reasoning

T** vuln*r**ility st*ms *rom missin* *SR* prot**tions in st*t*-***n*in* op*r*tions. T** *ommit ******* s*ows t**s* *un*tions w*r* mo*i*i** to *** *SR* tok*n p*r*m*t*rs (*li*nt_*sr*Tok*n) *n* v*li**tion ****ks. In vuln*r**l* v*rsions, t**s* *n*points

8.8

Basic Information

Concerned about an active attack path?

CVE-2017-7662: Cross-Site Request Forgery in Apache CXF Fediz

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2017-7662:
Cross-Site Request Forgery in Apache CXF Fediz

Vulnerability Intelligence
Miggo AI