The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 02:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2014-07-07 14:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-0034
Mitre link : CVE-2014-0034
CVE.ORG link : CVE-2014-0034
JSON object : View
Products Affected
apache
- cxf
redhat
- jboss_enterprise_application_platform
CWE
CWE-20
Improper Input Validation