Description
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
Remediation
References
http://secunia.com/advisories/61909
http://seclists.org/oss-sec/2014/q4/437
http://www.securityfocus.com/bid/70736
https://issues.apache.org/jira/browse/WSS-511
http://rhn.redhat.com/errata/RHSA-2015-0236.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/97754
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Related Vulnerabilities
CVE-2022-23541 Vulnerability in npm package jsonwebtoken
CVE-2021-23375 Vulnerability in npm package psnode
CVE-2018-16491 Vulnerability in npm package node.extend
CVE-2021-21353 Vulnerability in maven package org.webjars.npm:pug
CVE-2017-12610 Vulnerability in maven package org.apache.kafka:kafka_2.11