Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Remediation

References

http://secunia.com/advisories/61909

http://seclists.org/oss-sec/2014/q4/437

http://www.securityfocus.com/bid/70736

https://issues.apache.org/jira/browse/WSS-511

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/97754

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2019-0205 Vulnerability in maven package org.apache.thrift:libthrift

CVE-2021-21423 Vulnerability in npm package projen

CVE-2021-39199 Vulnerability in npm package remark-html

CVE-2018-20594 Vulnerability in maven package org.hswebframework.web:hsweb-system-workflow-local

CVE-2017-7667 Vulnerability in maven package org.apache.nifi:nifi

Severity

Critical

Classification

CWE-287

Tags

Third Party Advisory Mailing List VDB Entry Vendor Advisory