CVE-2016-4464

CRITICAL

Apache CXF Fediz < 1.2.3 and 1.3.x < 1.3.1 - Improper Access Control

Title source: rule

Description

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against the configured audience URIs. A remote attacker who holds a SAML token that carries a trusted signature but was issued for a different relying party (a different audience) can present it to a Fediz-protected application, which might allow them to bypass intended restrictions and have unspecified other impact.
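The check the advisory says was missing, as an added example that is not code from the Fediz project: a relying party parses the SAML assertion, collects every AudienceRestriction, and accepts the token only if each restriction names one of the audience URIs it is configured for. The vulnerable variant accepts any token whose signature is trusted regardless of audience, which is the behaviour the description attributes to plugins before 1.2.3 and 1.3.1. The audience URIs, the sample tokens (signature elements omitted, signature verification is assumed to have already passed) and the strict policy of rejecting a token with no AudienceRestriction at all are assumptions of this example, not documented Fediz behaviour.

```python
import xml.etree.ElementTree as ET

# Assertion namespaces for SAML 2.0 and SAML 1.1; Fediz plugins consume both token types.
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"

# (restriction element, audience element) local names per assertion version.
_ELEMENTS = {
    SAML2_NS: ("AudienceRestriction", "Audience"),
    SAML1_NS: ("AudienceRestrictionCondition", "Audience"),
}


def audience_restrictions(assertion_xml: str) -> list[list[str]]:
    """Return one list of Audience URIs per AudienceRestriction element.

    SAML semantics: the token is valid for a relying party only if *every*
    AudienceRestriction lists it (AND across restrictions, OR within one).
    """
    root = ET.fromstring(assertion_xml)
    ns = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    if ns not in _ELEMENTS:
        raise ValueError(f"not a SAML 1.1/2.0 assertion: {root.tag}")
    restriction_tag, audience_tag = _ELEMENTS[ns]
    restrictions = []
    for cond in root.iter(f"{{{ns}}}{restriction_tag}"):
        restrictions.append(
            [(a.text or "").strip() for a in cond.iter(f"{{{ns}}}{audience_tag}")]
        )
    return restrictions


def accepts_token_vulnerable(assertion_xml: str, configured_audiences: set[str]) -> bool:
    """Pre-fix behaviour as described by the CVE: a well-formed token with a
    trusted signature is accepted, the audience is never compared."""
    ET.fromstring(assertion_xml)  # only well-formedness is checked
    return True


def accepts_token_fixed(assertion_xml: str, configured_audiences: set[str]) -> bool:
    """Hardened check: every AudienceRestriction must name one of our audience URIs."""
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        # Assumed strict policy: a token with no audience at all is not for us.
        return False
    return all(any(a in configured_audiences for a in r) for r in restrictions)


# Constructed sample data (not taken from any real deployment).
OUR_AUDIENCES = {"urn:org:apache:cxf:fediz:fedizhelloworld"}


def _saml2_assertion(conditions: str) -> str:
    return (
        f'<saml2:Assertion xmlns:saml2="{SAML2_NS}" ID="_1" Version="2.0" '
        'IssueInstant="2016-06-01T00:00:00Z">'
        "<saml2:Issuer>STS</saml2:Issuer>"
        "<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>"
        f"<saml2:Conditions>{conditions}</saml2:Conditions>"
        "</saml2:Assertion>"
    )


# Issued by the trusted STS, but for a different application.
TOKEN_FOR_OTHER_APP = _saml2_assertion(
    "<saml2:AudienceRestriction>"
    "<saml2:Audience>urn:org:apache:cxf:fediz:otherapp</saml2:Audience>"
    "</saml2:AudienceRestriction>"
)
TOKEN_FOR_US = _saml2_assertion(
    "<saml2:AudienceRestriction>"
    "<saml2:Audience>urn:org:apache:cxf:fediz:fedizhelloworld</saml2:Audience>"
    "</saml2:AudienceRestriction>"
)
TOKEN_NO_AUDIENCE = _saml2_assertion("")
# Two restrictions: we satisfy the first but not the second, so the token must be rejected.
TOKEN_MIXED = _saml2_assertion(
    "<saml2:AudienceRestriction>"
    "<saml2:Audience>urn:org:apache:cxf:fediz:fedizhelloworld</saml2:Audience>"
    "</saml2:AudienceRestriction>"
    "<saml2:AudienceRestriction>"
    "<saml2:Audience>urn:org:apache:cxf:fediz:otherapp</saml2:Audience>"
    "</saml2:AudienceRestriction>"
)
TOKEN_SAML1 = (
    f'<saml:Assertion xmlns:saml="{SAML1_NS}" AssertionID="_2" MajorVersion="1" MinorVersion="1">'
    "<saml:Conditions><saml:AudienceRestrictionCondition>"
    "<saml:Audience>urn:org:apache:cxf:fediz:fedizhelloworld</saml:Audience>"
    "</saml:AudienceRestrictionCondition></saml:Conditions>"
    "</saml:Assertion>"
)

if __name__ == "__main__":
    for name, tok in [("other-app", TOKEN_FOR_OTHER_APP), ("ours", TOKEN_FOR_US),
                      ("no-audience", TOKEN_NO_AUDIENCE), ("mixed", TOKEN_MIXED)]:
        print(f"{name:12} vulnerable={accepts_token_vulnerable(tok, OUR_AUDIENCES)} "
              f"fixed={accepts_token_fixed(tok, OUR_AUDIENCES)}")
```

The mixed case matters in practice: an assertion may carry several AudienceRestriction elements, and the SAML 2.0 Core specification requires each of them to be satisfied independently, so a naive "any Audience anywhere matches" check is still too permissive.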

Exploits (2)

nomisec WORKING POC
by dawetmaster · poc
https://github.com/dawetmaster/CVE-2016-4464-cxf-fediz-vulnerable
nomisec WORKING POC
by andikahilmy · poc
https://github.com/andikahilmy/CVE-2016-4464-cxf-fediz-vulnerable

Scores

CVSS v3 9.8
EPSS 0.0206
EPSS Percentile 84.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (6)
apache/cxf_fediz 1.2.0
apache/cxf_fediz 1.2.1
apache/cxf_fediz 1.2.2
apache/cxf_fediz 1.3.0
org.apache.cxf.fediz/fediz-spring 1.2.0 - 1.2.3 (Maven)
org.apache.cxf.fediz/fediz-spring2 1.2.0 - 1.2.3 (Maven)
Published Sep 21, 2016
Tracked Since Feb 18, 2026