CVE-2015-5253 – org.apache.cxf:cxf-rt-rs-security-sso-saml
Package
Manager: maven
Name: org.apache.cxf:cxf-rt-rs-security-sso-saml
Vulnerable Version: >=0 <2.7.18 || >=3.0.0 <3.0.7 || >=3.1.0 <3.1.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00336 pctl0.55828
Details
Improper Access Control in Apache CXF
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
Metadata
Created: 2022-05-13T01:09:20Z
Modified: 2023-12-21T22:31:58Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3336-h95j-hvvf/GHSA-3336-h95j-hvvf.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-3336-h95j-hvvf
Finding: F039
Auto approve: 1