Description
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
References
- Vendor Advisory
- Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1 (version up to and including 2.6.12)
One of
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.11:*:*:*:*:*:*:*
Configuration 2
One of
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.9:*:*:*:*:*:*:*
Configuration 3
One of
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:*:*:*:*:*:*:*
EPSS
Percentile: 76%
0.00956
Low
4.3 Medium
CVSS2
Weaknesses
CWE-310
Related vulnerabilities
redhat
almost 12 years ago
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
github
more than 3 years ago
Cleartext Transmission of Sensitive Information in Apache CXF