|
|
Log in / Subscribe / Register

wss4j: authentication spoofing

Package(s):wss4j CVE #(s):CVE-2014-3623
Created:November 7, 2014 Updated:December 29, 2014
Description:

From the CVE entry:

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

Alerts:
Mageia MGASA-2014-0552 wss4j 2014-12-26
Fedora FEDORA-2014-13720 wss4j 2014-11-07
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds