Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-10-30T14:00:00
Updated: 2024-08-06T10:50:17.711Z
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3623
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-10-30T14:55:07.833
Modified: 2024-11-21T02:08:31.560
Link: CVE-2014-3623
Redhat