The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-10-30T14:00:00

Updated: 2024-08-06T10:50:17.625Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3584

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-10-30T14:55:07.660

Modified: 2024-11-21T02:08:27.013

Link: CVE-2014-3584

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-10-25T00:00:00Z

Links: CVE-2014-3584 - Bugzilla