Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
References
Configurations
History
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2014-10-30 14:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-3623
Mitre link : CVE-2014-3623
CVE.ORG link : CVE-2014-3623
JSON object : View
Products Affected
apache
- cxf
- wss4j
CWE
CWE-287
Improper Authentication