Description
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
References
- Vendor Advisory
- Third Party Advisory
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
- Vendor Advisory
- Third Party Advisory
- Mailing List, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1
Versions before 2.7.18 (exclusive)
Versions from 3.0.0 (inclusive) up to 3.0.7 (exclusive)
Versions from 3.1.0 (inclusive) up to 3.1.3 (exclusive)
One of
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
EPSS
Percentile: 56%
0.00336
Low
4 Medium
CVSS2
Weaknesses
CWE-264
Related vulnerabilities
redhat
about 10 years ago
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
EPSS
Percentile: 56%
0.00336
Low
4 Medium
CVSS2
Weaknesses
CWE-264