Description

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Remediation

References

CVE-2014-0034

Related Vulnerabilities

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-28333)

WordPress Plugin Contact Form 7 Database Addon-CFDB7 Unspecified Vulnerability (1.2.5.7)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8755)

WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.20)

WordPress Plugin Role Scoper Unspecified Vulnerability (1.4.1)

Severity

Medium

Classification

CVE-2014-0034 CWE-20

Tags

Missing Update Known Vulnerabilities