oss-sec mailing list archives

New security advisories released for Apache CXF


From: Colm O hEigeartaigh <coheigea () apache org>
Date: Fri, 24 Oct 2014 19:10:21 +0100

Two new security advisories have been released for Apache CXF:

 - CVE-2014-3623: Apache CXF does not properly enforce the security
semantics of SAML SubjectConfirmation methods when used with the
TransportBinding

 - CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial
of Service (DoS) attack

Advisories attached to this mail + also available via the CXF security
advisories page:

http://cxf.apache.org/security-advisories.html

Colm.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Attachment: CVE-2014-3584.txt.asc

Attachment: CVE-2014-3623.txt.asc

