Description

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Remediation

References

CVE-2014-0035

Related Vulnerabilities

Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)

WordPress Plugin WordPress Payments-GetPaid Cross-Site Scripting (2.3.3)

WordPress Plugin DukaPress Directory Traversal (2.5.2)

WordPress Plugin WP Booking System Cross-Site Scripting (1.3.3)

Oracle JRE CVE-2019-2945 Vulnerability (CVE-2019-2945)

Severity

Medium

Classification

CVE-2014-0035

Tags

Missing Update Known Vulnerabilities