CVE-2014-0034

CVSS v2.0 4.3 (Medium)

EPSS 0.19 % (56^th)

Affected Products 2

Advisories 2

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-07-07 14:55:03
(10 years ago)
Updated Date: 2023-11-07 02:18:05
(10 months ago)

Affected Products

Apache

Redhat

Jboss Enterprise Application Platform

Configuration #1

	CPE23	Up To
Apache Cxf 2.6.11 and prior versions	cpe:2.3:a:apache:cxf	<= 2.6.11
Apache Cxf 2.6.0	cpe:2.3:a:apache:cxf:2.6.0
Apache Cxf 2.6.1	cpe:2.3:a:apache:cxf:2.6.1
Apache Cxf 2.6.2	cpe:2.3:a:apache:cxf:2.6.2
Apache Cxf 2.6.3	cpe:2.3:a:apache:cxf:2.6.3
Apache Cxf 2.6.4	cpe:2.3:a:apache:cxf:2.6.4
Apache Cxf 2.6.5	cpe:2.3:a:apache:cxf:2.6.5
Apache Cxf 2.6.6	cpe:2.3:a:apache:cxf:2.6.6
Apache Cxf 2.6.7	cpe:2.3:a:apache:cxf:2.6.7
Apache Cxf 2.6.8	cpe:2.3:a:apache:cxf:2.6.8
Apache Cxf 2.6.9	cpe:2.3:a:apache:cxf:2.6.9
Apache Cxf 2.6.10	cpe:2.3:a:apache:cxf:2.6.10

Configuration #2

		CPE23	From	Up To
	Redhat Jboss Enterprise Application Platform 6.0.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0
	Redhat Jboss Enterprise Application Platform 6.2.0	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0

Configuration #3

		CPE23	From	Up To
	Apache Cxf 2.7.0	cpe:2.3:a:apache:cxf:2.7.0
	Apache Cxf 2.7.1	cpe:2.3:a:apache:cxf:2.7.1
	Apache Cxf 2.7.2	cpe:2.3:a:apache:cxf:2.7.2
	Apache Cxf 2.7.3	cpe:2.3:a:apache:cxf:2.7.3
	Apache Cxf 2.7.4	cpe:2.3:a:apache:cxf:2.7.4
	Apache Cxf 2.7.5	cpe:2.3:a:apache:cxf:2.7.5
	Apache Cxf 2.7.6	cpe:2.3:a:apache:cxf:2.7.6
	Apache Cxf 2.7.7	cpe:2.3:a:apache:cxf:2.7.7
	Apache Cxf 2.7.8	cpe:2.3:a:apache:cxf:2.7.8