Date: Tue, 18 Apr 2017 13:01:31 +0100
From: Colm O hEigeartaigh <>
To: "" <>, "" <>
Cc: Apache Security Response Team <>,,
Subject: New security advisories for Apache CXF

The Apache CXF project has released two new security advisories:

a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not
validate that the service response was signed or encrypted.

b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching
tokens that are associated with delegation tokens.

More details, including the text of the security advisories, are available


Colm O hEigeartaigh

Talend Community Coder
