CVE-2015-5253

Apache CXF <2.7.18, <3.0.7, <3.1.3 - Auth Bypass


Exploitation Summary

EIP tracks 2 public exploits for CVE-2015-5253. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary: The repository contains benchmark and performance testing code for Apache CXF but lacks any exploit code or technical details related to CVE-2015-5253. The README is a generic Apache CXF introduction without vulnerability-specific content.

Description

The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."

Exploits (2)

nomisec STUB
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2015-5253-cxf-vulnerable

The repository contains benchmark and performance testing code for Apache CXF but lacks any exploit code or technical details related to CVE-2015-5253. The README is a generic Apache CXF introduction without vulnerability-specific content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache CXF
No auth needed
Prerequisites: none
devstral-2 · analyzed Mar 14, 2026
nomisec STUB
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2015-5253-cxf-vulnerable

The repository contains benchmark and performance testing code for Apache CXF but lacks any exploit code or technical details related to CVE-2015-5253. The README is a generic Apache CXF introduction without vulnerability-specific content.

Classification
Stub 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Apache CXF
No auth needed
devstral-2 · analyzed Feb 18, 2026

References (11)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1034162
Third Party Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2016-0321.html
Mailing List, Third Party Advisory (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2015/11/14/1

Scores

EPSS 0.0034
EPSS Percentile 57.0%

Details

CWE
CWE-264
Status published
Products (2)
apache/cxf < 2.7.18
org.apache.cxf/cxf-rt-rs-security-sso-saml 0 - 2.7.18 (Maven)
Published Nov 18, 2015
Tracked Since Feb 18, 2026