The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.
References
Configurations
Configuration 1 (hide)
|
History
07 Nov 2023, 02:44
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-10 18:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-3156
Mitre link : CVE-2017-3156
CVE.ORG link : CVE-2017-3156
JSON object : View
Products Affected
apache
- cxf
CWE