CVE-2016-4464

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-4464
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-4464.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-4464
Aliases
Published
2016-09-21T18:59:04Z
Modified
2024-10-12T01:55:57.719437Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

References

Affected packages

Git / github.com/apache/cxf-fediz

Affected ranges

Type
GIT
Repo
https://github.com/apache/cxf-fediz
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected
Last affected

Affected versions

fediz-1.*

fediz-1.2.0