CVE-2016-4464

CRITICAL

Apache CXF Fediz 1.2.0-1.2.2 and 1.3.0 - Improper Access Control via SAML AudienceRestriction Bypass


Exploitation Summary

EIP tracks 2 public exploits for CVE-2016-4464. PoCs published by dawetmaster, andikahilmy.


Description

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

Exploits (2)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2016-4464-cxf-fediz-vulnerable

This repository contains vulnerable code from Apache CXF Fediz, demonstrating CVE-2016-4464, which involves improper handling of security tokens. The code includes multiple examples of FederationService implementations that process and display user claims and tokens, potentially exposing sensitive information or allowing token manipulation.

Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Apache CXF Fediz (versions affected by CVE-2016-4464)
Auth required
Prerequisites: Access to a vulnerable Apache CXF Fediz instance · Valid authentication credentials to trigger token processing
devstral-2 · analyzed Mar 14, 2026

nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2016-4464-cxf-fediz-vulnerable

This repository contains a vulnerable version of Apache CXF Fediz, specifically demonstrating CVE-2016-4464. The code includes multiple examples of FederationService implementations that are susceptible to the vulnerability, allowing for potential exploitation in a federated identity scenario.

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Apache CXF Fediz
No auth needed
Prerequisites: Access to a vulnerable Apache CXF Fediz instance
devstral-2 · analyzed Feb 18, 2026

References (11)

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/92905
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036869
Mitigation, Vendor Advisory x_refsource_confirm
http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/08/20

Scores

CVSS v3 9.8
EPSS 0.0206
EPSS Percentile 84.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (6)
apache/cxf_fediz 1.2.0
apache/cxf_fediz 1.2.1
apache/cxf_fediz 1.2.2
apache/cxf_fediz 1.3.0
org.apache.cxf.fediz/fediz-spring 1.2.0 - 1.2.3 (Maven)
org.apache.cxf.fediz/fediz-spring2 1.2.0 - 1.2.3 (Maven)
Published Sep 21, 2016
Tracked Since Feb 18, 2026