Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Remediation

References

http://secunia.com/advisories/61909

http://seclists.org/oss-sec/2014/q4/437

http://www.securityfocus.com/bid/70736

https://issues.apache.org/jira/browse/WSS-511

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/97754

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2022-36077 Vulnerability in npm package electron

CVE-2018-15494 Vulnerability in maven package org.webjars.bower:dojox

CVE-2017-16216 Vulnerability in npm package tencent-server

CVE-2021-23346 Vulnerability in maven package org.webjars.npm:html-parse-stringify2

CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink

Severity

Critical

Classification

CWE-287

Tags

Third Party Advisory Mailing List VDB Entry Vendor Advisory