CVE-2014-3623
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
- Severity Score: -
- Exploit Likelihood: -
- Affected Versions: see "Affected Vendors, Products, and Versions" below
- Public Exploits: 0
- Exploited in Wild: -
- Decision: -
Descriptions
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
It was found that Apache WSS4J (Web Services Security for Java), as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. Those requirements are what bind an assertion to the party presenting it: holder-of-key requires the presenter to prove possession of the key named in the assertion (over a transport binding, via the TLS client certificate, otherwise via the message signature), and sender-vouches requires the attesting sender to be authenticated and trusted by the endpoint, typically by signing the assertion together with the message body. When they are not enforced, an assertion is accepted from a presenter who has proven neither, so a remote attacker could use this flaw to perform various types of spoofing attacks on web service endpoints secured by WSS4J that rely on SAML for authentication.
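The following is an added example, not code from WSS4J or CXF: a small model of what "enforcing the SubjectConfirmation security semantics" means at an endpoint that authenticates callers with SAML tokens over a TLS transport binding. It shows a pre-fix style check (the issuer signature is verified, the confirmation method is parsed but never consulted) beside a hardened check that applies the proof each method demands. Key names stand in for certificates, signature verification is assumed to have been done by a lower layer, and the assertions, key names, issuer URL and trust lists are all constructed for the example.

```python
"""Model of SAML SubjectConfirmation enforcement at a SAML-over-TLS endpoint.
Added example, not WSS4J/CXF code; all names and tokens are constructed."""
from dataclasses import dataclass, field
from typing import FrozenSet, Optional
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"
SENDER_VOUCHES = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed trust configuration of the receiving endpoint.
TRUSTED_ISSUERS = {"sts-signing-key"}   # keys allowed to sign assertions
TRUSTED_SENDERS = {"gateway-key"}       # parties allowed to vouch for a subject


@dataclass(frozen=True)
class Proof:
    """What the transport and message layers actually proved about the sender."""
    assertion_signer: Optional[str] = None  # key that signed the assertion itself
    tls_client_key: Optional[str] = None    # key of the TLS client certificate, if any
    message_signer: Optional[str] = None    # key of the WS-Security message signature
    signature_covers: FrozenSet[str] = field(default_factory=frozenset)  # signed elements


def make_assertion(method: str, key_name: Optional[str] = None) -> str:
    """Build a constructed SAML 2.0 assertion for subject 'alice'."""
    data = ""
    if key_name:
        data = (f"<saml:SubjectConfirmationData><ds:KeyInfo><ds:KeyName>{key_name}"
                f"</ds:KeyName></ds:KeyInfo></saml:SubjectConfirmationData>")
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_a1" Version="2.0">
  <saml:Issuer>https://sts.example</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="{method}">{data}</saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""


def parse_assertion(xml_text: str):
    """Return (confirmation method, key name given for holder-of-key or None)."""
    sc = ET.fromstring(xml_text).find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None:
        return None, None
    key_name = sc.findtext("saml:SubjectConfirmationData/ds:KeyInfo/ds:KeyName",
                           namespaces=NS)
    return sc.get("Method"), key_name


def accept_pre_fix(xml_text: str, proof: Proof) -> bool:
    """Model of the vulnerable behaviour: a trusted issuer signature is enough,
    whatever the confirmation method says and whoever presents the token."""
    parse_assertion(xml_text)  # method is parsed but never consulted
    return proof.assertion_signer in TRUSTED_ISSUERS


def accept_hardened(xml_text: str, proof: Proof) -> bool:
    """Enforce the proof that each SubjectConfirmation method requires."""
    method, key_name = parse_assertion(xml_text)
    if method == SENDER_VOUCHES:
        # Someone other than the subject attests to it: that sender must be a
        # trusted party that signed the assertion together with the Body, or a
        # trusted client authenticated by the TLS layer.
        signed_by_trusted_sender = (proof.message_signer in TRUSTED_SENDERS
                                    and {"Assertion", "Body"} <= proof.signature_covers)
        return signed_by_trusted_sender or proof.tls_client_key in TRUSTED_SENDERS
    if proof.assertion_signer not in TRUSTED_ISSUERS:
        return False  # holder-of-key and bearer tokens must come from a trusted issuer
    if method == HOLDER_OF_KEY:
        # The presenter must prove possession of the named key: over a transport
        # binding with the TLS client certificate, otherwise with the message signature.
        return key_name is not None and key_name in (proof.tls_client_key, proof.message_signer)
    if method == BEARER:
        return True  # bearer proves nothing about the presenter beyond issuer trust
    return False  # missing or unknown method: reject


HOK_ASSERTION = make_assertion(HOLDER_OF_KEY, "alice-client-key")
SV_ASSERTION = make_assertion(SENDER_VOUCHES)


def spoofing_scenarios():
    """A captured holder-of-key token replayed over TLS without alice's key, and an
    unauthenticated sender vouching for alice; returns each check's decision."""
    replay = Proof(assertion_signer="sts-signing-key")            # attacker, no client cert
    alice = Proof(assertion_signer="sts-signing-key", tls_client_key="alice-client-key")
    anon_vouch = Proof()                                           # unsigned, no TLS client auth
    gateway_vouch = Proof(message_signer="gateway-key",
                          signature_covers=frozenset({"Assertion", "Body"}))
    return {
        "hok_replay_pre_fix": accept_pre_fix(HOK_ASSERTION, replay),
        "hok_replay_hardened": accept_hardened(HOK_ASSERTION, replay),
        "hok_alice_hardened": accept_hardened(HOK_ASSERTION, alice),
        "sv_anon_hardened": accept_hardened(SV_ASSERTION, anon_vouch),
        "sv_gateway_hardened": accept_hardened(SV_ASSERTION, gateway_vouch),
    }


if __name__ == "__main__":
    for name, ok in spoofing_scenarios().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The pre-fix model accepts the replayed holder-of-key token because the issuer signature is valid, while the hardened check rejects it for lack of proof of possession; the same split applies to the anonymous sender-vouches case. For a real deployment the remedy is the upgrade named above, and the check worth doing is on the resolved artifact rather than the CXF version alone: confirm that the WSS4J jar actually on the classpath (wss4j for 1.6.x, wss4j-ws-security-dom for 2.x) is at or past 1.6.17 or 2.0.2, since a dependency-management override can pin an older one under a patched CXF.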
CVSS Scores
SSVC
- Decision: -
Timeline
- 2014-05-14 CVE Reserved
- 2014-10-30 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-347: Improper Verification of Cryptographic Signature
CAPEC
References (17)
URL | Date | SRC
---|---|---
http://rhn.redhat.com/errata/RHSA-2015-0236.html | 2023-11-07 |
http://rhn.redhat.com/errata/RHSA-2015-0675.html | 2023-11-07 |
http://rhn.redhat.com/errata/RHSA-2015-0850.html | 2023-11-07 |
http://rhn.redhat.com/errata/RHSA-2015-0851.html | 2023-11-07 |
https://issues.apache.org/jira/browse/WSS-511 | 2023-11-07 |
https://access.redhat.com/security/cve/CVE-2014-3623 | 2015-04-16 |
https://bugzilla.redhat.com/show_bug.cgi?id=1157304 | 2015-04-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Wss4j | < 1.6.17 | - | Affected
Apache | Wss4j | >= 2.0.0 < 2.0.2 | - | Affected
Apache | Cxf | >= 2.7.0 < 2.7.13 | - | Affected
Apache | Cxf | >= 3.0.0 < 3.0.2 | - | Affected