CVE-2014-3584CVE-2014-3584

Affected configuration(s):

cpe:/a:apache:cxf:2.6.1
cpe:/a:apache:cxf:2.6.10
cpe:/a:apache:cxf:2.7.0
cpe:/a:apache:cxf:2.7.1
cpe:/a:apache:cxf:2.7.2
cpe:/a:apache:cxf:2.7.3
cpe:/a:apache:cxf:2.7.4
cpe:/a:apache:cxf:2.7.5
cpe:/a:apache:cxf:2.7.6
cpe:/a:apache:cxf:2.7.7
cpe:/a:apache:cxf:3.0.0

Date published: 2014-10-30T10:55:07.660-04:00

Date last modified: 2017-08-28T21:34:48.140-04:00

CVSS Score: 5.0

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc

Summary: The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.