The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-07-07T14:00:00

Updated: 2024-08-06T08:58:26.633Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0034

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-07-07T14:55:03.347

Modified: 2024-11-21T02:01:13.093

Link: CVE-2014-0034

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-05-01T00:00:00Z

Links: CVE-2014-0034 - Bugzilla