Search

Find a vulnerability

Search criteria

    1 vulnerability by jwt-scala project

    JVNDB-2017-007582

    Vulnerability from jvndb - Published: 2017-09-26 15:37 - Updated:2018-03-07 12:23
    Severity
    Summary
    jwt-scala fails to verify token signatures
    Details
    jwt-scala contains a vulnerability where it fails to verify token signatures correctly. jwt-scala is a Scala library to handle JSON Web Token (JWT). jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers. Toshiharu Sugiyama of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to the developer and JPCERT/CC and directly coordinated with the developer. JPCERT/CC published this advisory as the developer agreed with the publication on JVN.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007582.html",
      "dc:date": "2018-03-07T12:23+09:00",
      "dcterms:issued": "2017-09-26T15:37+09:00",
      "dcterms:modified": "2018-03-07T12:23+09:00",
      "description": "jwt-scala contains a vulnerability where it fails to verify token signatures correctly.\r\n\r\njwt-scala is a Scala library to handle JSON Web Token (JWT).  jwt-scala contains a vulnerability where it fails to verify token signatures correctly due to improper processing of JWT headers.\r\n\r\nToshiharu Sugiyama of Recruit Technologies Co.,Ltd. RED TEAM reported this vulnerability to the developer and JPCERT/CC and directly coordinated with the developer. JPCERT/CC published this advisory as the developer agreed with the publication on JVN.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-007582.html",
      "sec:cpe": {
        "#text": "cpe:/a:really:jwt-scala",
        "@product": "jwt-scala",
        "@vendor": "jwt-scala project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-007582",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/vu/JVNVU90916766/index.html",
          "@id": "JVNVU#90916766",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10862",
          "@id": "CVE-2017-10862",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10862",
          "@id": "CVE-2017-10862",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-287",
          "@title": "Improper Authentication(CWE-287)"
        }
      ],
      "title": "jwt-scala fails to verify token signatures"
    }