Description

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2014-0798.html

http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc

http://rhn.redhat.com/errata/RHSA-2014-0799.html

http://rhn.redhat.com/errata/RHSA-2014-0797.html

http://svn.apache.org/viewvc?view=revision&revision=1564724

http://rhn.redhat.com/errata/RHSA-2014-1351.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2011-5062 Vulnerability in maven package tomcat:catalina

CVE-2016-4461 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2021-41183 Vulnerability in maven package org.webjars:jquery-ui

CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory Patch