CVE-2014-0034 – org.apache.cxf:cxf-rt-ws-security

Package

Manager: maven
Name: org.apache.cxf:cxf-rt-ws-security
Vulnerable Version: >=0 <2.6.12 || >=2.7.0 <2.7.9

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01861 pctl0.82348

Details

Improper Input Validation in Apache CXF The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Metadata

Created: 2022-05-13T01:09:20Z
Modified: 2023-12-21T21:16:37Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-38x2-fp9m-87mx/GHSA-38x2-fp9m-87mx.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-38x2-fp9m-87mx
Finding: F184
Auto approve: 1