CVE-2014-0034
Apache CXF < 2.6.12 and 2.7.x < 2.7.9 - Remote Access Control Bypass via Invalid SAML Token Caching
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
References (15)
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0798.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-0850.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0797.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-0851.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0799.html
Vendor Advisory (x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-1351.html
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Vendor Advisory (x_refsource_confirm): http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc
Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/68441
Patch (x_refsource_confirm): http://svn.apache.org/viewvc?view=revision&revision=1551228
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Mailing List (x_refsource_mlist): https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Scores
EPSS: 0.0186
EPSS Percentile: 83.4%
Details
CWE: CWE-20
Status: published
Products (24)
apache/cxf 2.6.0
apache/cxf 2.6.1
apache/cxf 2.6.2
apache/cxf 2.6.3
apache/cxf 2.6.4
apache/cxf 2.6.5
apache/cxf 2.6.6
apache/cxf 2.6.7
apache/cxf 2.6.8
apache/cxf 2.6.9
... and 14 more
Published: Jul 07, 2014
Tracked Since: Feb 18, 2026