Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://seclists.org/oss-sec/2014/q4/437

http://secunia.com/advisories/61909

http://www.securityfocus.com/bid/70736

https://exchange.xforce.ibmcloud.com/vulnerabilities/97754

https://issues.apache.org/jira/browse/WSS-511

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2018-6874 Vulnerability in maven package org.webjars.npm:auth0-lock

CVE-2021-21640 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-28271 Vulnerability in npm package deephas

CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core

CVE-2022-24433 Vulnerability in maven package org.webjars.npm:simple-git

Severity

Critical

Classification

CWE-287

Tags

Third Party Advisory Mailing List VDB Entry Vendor Advisory