VDB
GCVE-110-MAGEIA-2014-557
GCVE-110-MAGEIA-2014-557
Advisory Published
Updated cxf packages fix security vulnerabilities:
An Apache CXF JAX-RS service can process SAML tokens received in the
authorization header of a request via the SamlHeaderInHandler. However it is
possible to cause an infinite loop in the parsing of this header by passing
certain bad values for the header, leading to a Denial of Service attack on
the service (CVE-2014-3584).
Apache CXF is vulnerable to a possible SSL hostname verification bypass, due
to a flaw in comparing the server hostname to the domain name in the Subject's
DN field. A Man In The Middle attack can exploit this vulnerability by using
a specially crafted Subject DN to spoof a valid certificate (CVE-2014-3577).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | cxf | 0 (affected), 2.7.5-3.1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,442 records in the GCVE database · Updated July 17, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.