Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://seclists.org/oss-sec/2014/q4/437

http://secunia.com/advisories/61909

http://www.securityfocus.com/bid/70736

https://exchange.xforce.ibmcloud.com/vulnerabilities/97754

https://issues.apache.org/jira/browse/WSS-511

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2022-42466 Vulnerability in maven package org.apache.isis.viewer:isis-viewer-wicket-ui

CVE-2022-37616 Vulnerability in maven package org.webjars.npm:xmldom__xmldom

CVE-2017-16181 Vulnerability in npm package wintiwebdev

CVE-2020-7760 Vulnerability in npm package codemirror

CVE-2022-38750 Vulnerability in maven package org.yaml:snakeyaml

Severity

Critical

Classification

CWE-287

Tags

Third Party Advisory Mailing List VDB Entry Vendor Advisory