Description
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
Remediation
References
http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc
http://rhn.redhat.com/errata/RHSA-2014-0797.html
http://rhn.redhat.com/errata/RHSA-2014-0798.html
http://rhn.redhat.com/errata/RHSA-2014-0799.html
http://rhn.redhat.com/errata/RHSA-2014-1351.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://svn.apache.org/viewvc?view=revision&revision=1564724
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Related Vulnerabilities
CVE-2022-41936 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server
CVE-2022-43423 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader
CVE-2009-1190 Vulnerability in maven package org.springframework:spring-core
CVE-2023-30524 Vulnerability in maven package org.jenkins-ci.plugins:reportportal
CVE-2011-0013 Vulnerability in maven package org.apache.tomcat:catalina