Description

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Remediation

References

CVE-2014-0034

Related Vulnerabilities

Grafana CVE-2023-1387 Vulnerability (CVE-2023-1387)

WordPress Plugin Flow-Flow Social Stream Unspecified Vulnerability (3.0.71)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)

WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)

MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9414)

Severity

Medium

Classification

CVE-2014-0034 CWE-20

Tags

Missing Update Known Vulnerabilities