Description

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Remediation

References

CVE-2014-0034

Related Vulnerabilities

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.0.33)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Request Forgery (8.0.7)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2146)

WordPress Improper Input Validation Vulnerability (CVE-2019-20041)

WordPress Plugin Drag & Drop File Uploader 'dnd-upload.php' Arbitrary File Upload (0.1)

Severity

Medium

Classification

CVE-2014-0034 CWE-20

Tags

Missing Update Known Vulnerabilities