CVSS: 5.0EPSS: 1%CPEs: 11EXPL: 0CVE-2014-3584 – CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens
https://notcve.org/view.php?id=CVE-2014-3584
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. SamlHeaderInHandler en Apache CXF anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 3.0.x anterior a 3.0.1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un token SAML manipulado en la cabecera de autorización de una solicitud hacia un servicio JAX-RS. • http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc http://seclists.org/oss-sec/2014/q4/437 http://secunia.com/advisories/61909 http://www.securityfocus.com/bid/70738 https://exchange.xforce.ibmcloud.com/vulnerabilities/97753 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread. • CWE-399: Resource Management Errors CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-3623 – CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
https://notcve.org/view.php?id=CVE-2014-3623
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. Apache WSS4J anterior a versión 1.6.17 y versiones 2.x anteriores a 2.0.2, tal y como es usado en Apache CXF versiones 2.7.x anteriores a 2.7.13 y versiones 3.0.x anteriores a 3.0.2, cuando se usa TransportBinding, no se impone apropiadamente la semántica de seguridad del método SubjectConfirmation de SAML, que permite a los atacantes remotos conducir ataques de suplantación de identidad por medio de vectores no especificados. It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication. • http://rhn.redhat.com/errata/RHSA-2015-0236.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://seclists.org/oss-sec/2014/q4/437 http://secunia.com/advisories/61909 http://www.securityfocus.com/bid/70736 https://exchange.xforce.ibmcloud.com/vulnerabilities/97754 https://issues.apache.org/jira/browse/WSS-511 https://lists.apache.org/thread.html/r36e44ffc1a9b365327d • CWE-287: Improper Authentication CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0CVE-2014-0034 – CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
https://notcve.org/view.php?id=CVE-2014-0034
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. SecurityTokenService (STS) en Apache CXF anterior a 2.6.12 y 2.7.x anterior a 2.7.9 no valida debidamente los tokens SAML cuando el cacheo está habilitado, lo que permite a atacantes remotos ganar acceso a través de un token SAML inválido. It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens. • http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1551228 http://www.securityfocus.com/bid/68441 https&# • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0035 – CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
https://notcve.org/view.php?id=CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. SymmetricBinding en Apache CXF anterior a 2.6.13 y 2.7.x anterior a 2.7.10, cuando EncryptBeforeSigning está habilitado y la política UsernameToken está configurada en un EncryptedSupportingToken, transmite el UsernameToken en texto claro, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF. • http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1564724 https://lists.apache.org/thread.html/r36e44ffc • CWE-310: Cryptographic Issues CWE-522: Insufficiently Protected Credentials •
CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2014-0109 – CXF: HTML content posted to SOAP endpoint could cause OOM errors
https://notcve.org/view.php?id=CVE-2014-0109
Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. Apache CXF anterior a 2.6.14 y 2.7.x anterior a 2.7.11 permite a atacantes remotos causar una denegación de servicio (consumo de memoria) a través de una solicitud grande con la configuración Content-Type hacia text/html hacia un endpoint SOAP, lo que provoca un error. A denial of service flaw was found in the way Apache CXF created error messages for certain POST requests. A remote attacker could send a specially crafted request which, when processed by an application using Apache CXF, could consume an excessive amount of memory on the system, possibly triggering an Out Of Memory (OOM) error. • http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://www.securitytracker.com/id/1030201 https://cxf.apache.org/security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370740&api=v2 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40&# • CWE-399: Resource Management Errors CWE-770: Allocation of Resources Without Limits or Throttling •