Description
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
Remediation
References
http://rhn.redhat.com/errata/RHSA-2015-0236.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0850.html
http://rhn.redhat.com/errata/RHSA-2015-0851.html
http://seclists.org/oss-sec/2014/q4/437
http://secunia.com/advisories/61909
http://www.securityfocus.com/bid/70736
https://exchange.xforce.ibmcloud.com/vulnerabilities/97754
https://issues.apache.org/jira/browse/WSS-511
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Related Vulnerabilities
CVE-2016-3094 Vulnerability in maven package org.apache.qpid:qpid-broker-core
CVE-2023-40342 Vulnerability in maven package org.jenkins-ci.plugins:flaky-test-handler
CVE-2023-31579 Vulnerability in maven package top.tangyh.basic:lamp-util
CVE-2022-34662 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common
CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom__xmldom