CVE-2017-3156

Severity

7.5

Description

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Mitigation

We recommend upgrading to a version of this package that is not vulnerable to this specific issue.

Apache TomEE 7.0.x

First release:

2016-05-17

Support Lifecycle:

Maintenance Support

Namespace:

javax

7.0.0 7.0.1 7.0.2

Apache TomEE 1.7.x

First release:

2014-08-09

Support Lifecycle:

Unsupported

Namespace:

javax

1.7.0 1.7.1 1.7.2 1.7.3 1.7.4

Apache TomEE 1.6.x

First release:

2013-11-17

Support Lifecycle:

Unsupported

Namespace:

javax

1.6.0 1.6.0.1 1.6.0.2

Apache TomEE 1.5.x

First release:

2012-09-28

Support Lifecycle:

Unsupported

Namespace:

javax

1.5.0 1.5.1 1.5.2

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

CVE-2017-3156

Severity

7.5

Description

Mitigation

Related links:

Project

Category

Tags

Date Disclosed

Date Discovered

Apache TomEE 7.0.x

Apache TomEE 1.7.x

Apache TomEE 1.6.x

Apache TomEE 1.5.x

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.

Tomitribe

Services

Open Source