GHSA-38x2-fp9m-87mx

Suggest an improvement
Source
https://github.com/advisories/GHSA-38x2-fp9m-87mx
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-38x2-fp9m-87mx/GHSA-38x2-fp9m-87mx.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-38x2-fp9m-87mx
Aliases
  • CVE-2014-0034
Published
2022-05-13T01:09:20Z
Modified
2024-11-28T05:45:42.771650Z
Summary
Improper Input Validation in Apache CXF
Details

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Database specific
{
    "nvd_published_at": "2014-07-07T14:55:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T23:07:00Z"
}
References

Affected packages

Maven / org.apache.cxf:cxf-rt-ws-security

Package

Name
org.apache.cxf:cxf-rt-ws-security
View open source insights on deps.dev
Purl
pkg:maven/org.apache.cxf/cxf-rt-ws-security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.6.12

Affected versions

2.*

2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.1
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.2
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.2.10
2.2.11
2.2.12
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10
2.3.11
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
2.4.7
2.4.8
2.4.9
2.4.10
2.5.0
2.5.1
2.5.2
2.5.3
2.5.4
2.5.5
2.5.6
2.5.7
2.5.8
2.5.9
2.5.10
2.5.11
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.6.10
2.6.11

Maven / org.apache.cxf:cxf-rt-ws-security

Package

Name
org.apache.cxf:cxf-rt-ws-security
View open source insights on deps.dev
Purl
pkg:maven/org.apache.cxf/cxf-rt-ws-security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.7.0
Fixed
2.7.9

Affected versions

2.*

2.7.0
2.7.1
2.7.2
2.7.3
2.7.4
2.7.5
2.7.6
2.7.7
2.7.8