| purl | pkg:maven/org.apache.cxf/cxf-rt-ws-security@2.5.2 |

| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-6dpm-n1kk-5fer (Aliases: CVE-2012-5633 GHSA-xf9f-32gh-h2w4) | The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. | Affected by 2 other vulnerabilities. |
| VCID-7ghg-a6dy-tkb2 (Aliases: CVE-2014-0034 GHSA-38x2-fp9m-87mx) | The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. | Affected by 0 other vulnerabilities. |
| VCID-akr4-z7v7-9qbc (Aliases: CVE-2013-0239 GHSA-p5c5-6564-vvr8) | Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. | Affected by 1 other vulnerability. |

| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |