Description

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Remediation

References

http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc

http://rhn.redhat.com/errata/RHSA-2014-0797.html

http://rhn.redhat.com/errata/RHSA-2014-0798.html

http://rhn.redhat.com/errata/RHSA-2014-0799.html

http://rhn.redhat.com/errata/RHSA-2014-1351.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://svn.apache.org/viewvc?view=revision&revision=1564724

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2013-7398 Vulnerability in maven package com.ning:async-http-client

CVE-2010-2076 Vulnerability in maven package org.apache.axis2:axis2-kernel

CVE-2023-50771 Vulnerability in maven package org.jenkins-ci.plugins:oic-auth

CVE-2018-1000403 Vulnerability in maven package org.jenkins-ci.plugins:codedeploy

CVE-2018-19837 Vulnerability in maven package org.webjars.npm:node-sass

Severity

Critical

Classification

CWE-310

Tags

Vendor Advisory Patch