Description

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

Remediation

References

http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc

http://www.openwall.com/lists/oss-security/2016/09/08/20

http://www.securityfocus.com/bid/92905

http://www.securitytracker.com/id/1036869

https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Related Vulnerabilities

CVE-2018-1000108 Vulnerability in maven package org.jenkins-ci.plugins:cppncss

CVE-2022-23621 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2021-32691 Vulnerability in npm package data-connector-rock

CVE-2023-32069 Vulnerability in maven package org.xwiki.platform:xwiki-platform-xclass-ui

CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml

Severity

Critical

Classification

CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mitigation Vendor Advisory Mailing List Third Party Advisory