The SecurityTokenService (STS) in Apache CXF prior to 2.6.12 and 2.7.x prior to 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote malicious users to gain access via an invalid SAML token.
Vulnerable Product |
---|
apache cxf 2.6.8 |
apache cxf 2.6.0 |
apache cxf 2.6.2 |
apache cxf |
apache cxf 2.6.9 |
apache cxf 2.6.5 |
apache cxf 2.6.10 |
apache cxf 2.6.6 |
apache cxf 2.6.3 |
apache cxf 2.6.4 |
apache cxf 2.6.1 |
apache cxf 2.6.7 |
redhat jboss enterprise application platform 6.0.0 |
redhat jboss enterprise application platform 6.2.0 |
apache cxf 2.7.3 |
apache cxf 2.7.5 |
apache cxf 2.7.6 |
apache cxf 2.7.0 |
apache cxf 2.7.4 |
apache cxf 2.7.1 |
apache cxf 2.7.8 |
apache cxf 2.7.7 |
apache cxf 2.7.2 |