Description
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
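The failure mode above is a cache that short-circuits validation. The following is an added illustration, written for this page in Python rather than taken from Apache CXF's Java code base: a stand-in STS whose cache is keyed on the token ID alone returns "valid" for any later token carrying that ID, so an unsigned token with a recycled ID is accepted. The hardened version keys the cache on a digest of the whole token (signature included), still checks expiry on a cache hit, and only caches tokens that passed signature verification. The HMAC over a canonical JSON form, the `ISSUER_KEY` and the token fields are constructed stand-ins for XML-DSig-signed SAML assertions, not CXF's API.

```python
"""Added illustration of the cache-bypass pattern; not Apache CXF code."""
import hashlib
import hmac
import json
import time

# Constructed stand-in for the issuer's signing key. Real SAML assertions are
# XML-DSig signed; an HMAC over a canonical JSON form plays that role here.
ISSUER_KEY = b"constructed-issuer-key"


def _canonical(token: dict) -> bytes:
    """Serialize every field except the signature in a deterministic form."""
    body = {k: v for k, v in token.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_token(token_id: str, subject: str, lifetime_s: int = 300, now=None) -> dict:
    """Issuer side: build an assertion and sign its canonical form."""
    now = time.time() if now is None else now
    token = {"id": token_id, "subject": subject, "not_on_or_after": now + lifetime_s}
    token["signature"] = hmac.new(ISSUER_KEY, _canonical(token), hashlib.sha256).hexdigest()
    return token


def _full_validate(token: dict, now: float) -> bool:
    """Verify the signature over the canonical form, then the validity window."""
    sig = token.get("signature")
    if not isinstance(sig, str):
        return False
    expected = hmac.new(ISSUER_KEY, _canonical(token), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False
    return now < token["not_on_or_after"]


class VulnerableSTS:
    """Cache keyed on the token ID; a hit skips all validation."""

    def __init__(self):
        self._seen_ids = set()

    def validate(self, token: dict, now=None) -> bool:
        now = time.time() if now is None else now
        if token.get("id") in self._seen_ids:
            return True  # BUG: the ID alone is trusted; signature and expiry are never checked
        if _full_validate(token, now):
            self._seen_ids.add(token["id"])
            return True
        return False


class HardenedSTS:
    """Cache keyed on a digest of the entire token; hits still enforce expiry."""

    def __init__(self):
        self._validated = {}  # token digest -> not_on_or_after

    def validate(self, token: dict, now=None) -> bool:
        now = time.time() if now is None else now
        raw = json.dumps(token, sort_keys=True, separators=(",", ":")).encode()
        digest = hashlib.sha256(raw).hexdigest()
        expiry = self._validated.get(digest)
        if expiry is not None:
            return now < expiry  # cache hit only proves the signature was once valid
        if _full_validate(token, now):
            self._validated[digest] = token["not_on_or_after"]
            return True
        return False


def demo() -> dict:
    """Prime both caches with a signed token, then present a forged one reusing its ID."""
    now = 1_700_000_000.0  # constructed clock value
    good = issue_token("_a1", "alice", now=now)
    forged = {"id": "_a1", "subject": "admin",
              "not_on_or_after": now + 3600, "signature": "bogus"}
    vulnerable, hardened = VulnerableSTS(), HardenedSTS()
    assert vulnerable.validate(good, now) and hardened.validate(good, now)
    return {
        "vulnerable_accepts_forged": vulnerable.validate(forged, now),
        "hardened_accepts_forged": hardened.validate(forged, now),
        "hardened_rejects_expired_cached": hardened.validate(good, now + 600),
    }


if __name__ == "__main__":
    print(demo())
```

The two fixes in `HardenedSTS` are independent: keying on the full token digest stops a forged token from inheriting another token's cache entry, and re-checking `not_on_or_after` on a hit stops a genuinely signed token from outliving its validity window just because it was cached.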
Remediation
Upgrade to Apache CXF 2.6.12 or later on the 2.6.x line, or 2.7.9 or later on the 2.7.x line. On an unpatched release the issue only arises when STS token caching is enabled, so disabling the STS token cache removes the condition under which an invalid SAML token is accepted.
References