The SAML Web SSO module in Apache CXF prior to 2.7.18, 3.0.x prior to 3.0.7, and 3.1.x prior to 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cxf |