cxf: denial of service
| Package(s): | cxf | CVE #(s): | CVE-2014-3584 | ||||
| Created: | December 31, 2014 | Updated: | January 7, 2015 | ||||
| Description: | From the CVE entry:
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service. | ||||||
| Alerts: |
| ||||||