Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-10-30T14:00:00
Updated: 2021-06-16T11:07:05
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3623
NVD Information
Status: Modified
Published: 2014-10-30T14:55:07.833
Modified: 2023-11-07T02:20:16.010
Link: CVE-2014-3623