oss-sec mailing list archives
New SSL/TLS vulnerabilities in Apache CXF
From: Colm O hEigeartaigh <coheigea () apache org>
Date: Mon, 22 Dec 2014 12:00:28 +0000
Two new security vulnerabilities are announced in Apache CXF that are fixed in the latest 3.0.3 and 2.7.14 releases: a) Note on CVE-2014-3566 - SSL 3.0 support in Apache CXF, aka the "POODLE" attack b) CVE-2014-3577: Apache CXF SSL hostname verification bypass Both advisories are available here: http://cxf.apache.org/security-advisories.html Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Current thread:
- New SSL/TLS vulnerabilities in Apache CXF Colm O hEigeartaigh (Dec 22)