CVE-2014-0034 — Vulnetix

CVE-2014-0034 PUBLISHED

Reported by redhat · Published July 7, 2014

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	*, n/a, n/a
Maven	org.apache.cxf:cxf-rt-ws-security	0, 0

Timeline

Jul 7, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 7, 2022 CVE Updated
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

RHSA-2014:0798 vendor-advisoryx_refsource_REDHAT
x_refsource_CONFIRM
68441 vdb-entryx_refsource_BID
x_refsource_CONFIRM
RHSA-2015:0850 vendor-advisoryx_refsource_REDHAT
RHSA-2014:0797 vendor-advisoryx_refsource_REDHAT
RHSA-2015:0851 vendor-advisoryx_refsource_REDHAT
RHSA-2014:0799 vendor-advisoryx_refsource_REDHAT
RHSA-2014:1351 vendor-advisoryx_refsource_REDHAT
[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html mailing-listx_refsource_MLIST
[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2014-0034 advisory
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E url
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E url
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E url
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E url

…and 3 more

Open in Interactive Console →