SAML Security Vulnerability in Apache CXF and WSS4J
CVE-2014-3623

Currently unrated

Key Information:

Vendor: Apache
Status: Wss4j
Vendor: CVE Published:; 30 October 2014

Summary

A vulnerability in Apache WSS4J and Apache CXF allows for inadequate enforcement of SAML SubjectConfirmation method security semantics. This flaw can be exploited by remote attackers to conduct spoofing attacks. Proper implementation and security practices are crucial in preventing unauthorized access and ensuring data integrity.

References

http://www.securityfocus.com/bid/70736

vdb-entryx_refsource_BID

http://rhn.redhat.com/errata/RHSA-2015-0675.html

vendor-advisoryx_refsource_REDHAT

http://seclists.org/oss-sec/2014/q4/437

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Oct 30, 2014
Vulnerability Reserved
May 14, 2014