Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-0236.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://seclists.org/oss-sec/2014/q4/437

http://secunia.com/advisories/61909

http://www.securityfocus.com/bid/70736

https://exchange.xforce.ibmcloud.com/vulnerabilities/97754

https://issues.apache.org/jira/browse/WSS-511

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2019-16869 Vulnerability in maven package io.netty:netty-codec-http

CVE-2017-3165 Vulnerability in maven package org.apache.brooklyn:brooklyn-jsgui

CVE-2016-5725 Vulnerability in maven package com.jcraft:jsch

CVE-2021-23820 Vulnerability in npm package json-pointer

CVE-2019-14517 Vulnerability in maven package org.webjars.npm:editor.md

Severity

Critical

Classification

CWE-287

Tags

Third Party Advisory Mailing List VDB Entry Vendor Advisory