Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 18 Apr 2017 13:01:31 +0100
From: Colm O hEigeartaigh <>
To: "" <>, "" <>
Cc: Apache Security Response Team <>,,
Subject: New security advisories for Apache CXF

The Apache CXF project has released two new security advisories:

a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not
validate that the service response was signed or encrypted.

b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching
tokens that are associated with delegation tokens.

More details, including the text of the security advisories, are available


Colm O hEigeartaigh

Talend Community Coder

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.