CVE-2016-4464
EPSS 2.1%High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
發布日:2018/10/18修改日:2024/12/2
描述
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
受影響套件(2)
- Maven/org.apache.cxf.fediz:fediz-spring>= 1.2.0, < 1.2.3
- Maven/org.apache.cxf.fediz:fediz-spring2>= 1.2.0, < 1.2.3
參考連結(13)
- ADVISORYhttps://github.com/advisories/GHSA-qpwj-mvv7-v3m9
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2016-4464
- WEBhttp://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc
- WEBhttps://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6
- WEBhttps://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
- WEBhttps://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
- WEBhttp://www.openwall.com/lists/oss-security/2016/09/08/20
- WEBhttp://www.securityfocus.com/bid/92905
- WEBhttp://www.securitytracker.com/id/1036869