The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2016-09-21T18:00:00
Updated: 2021-06-16T11:06:09
Reserved: 2016-05-02T00:00:00
Link: CVE-2016-4464
NVD Information
Status: Modified
Published: 2016-09-21T18:59:04.897
Modified: 2023-11-07T02:32:38.320
Link: CVE-2016-4464
Redhat Information
No data.
CWE