mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
102 lines
3.4 KiB
JSON
102 lines
3.4 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"ID": "CVE-2014-3623",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "70736",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/70736"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:0675",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
|
|
},
|
|
{
|
|
"name": "[oss-security] 20141024 New security advisories released for Apache CXF",
|
|
"refsource": "MLIST",
|
|
"url": "http://seclists.org/oss-sec/2014/q4/437"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:0850",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
|
|
},
|
|
{
|
|
"name": "61909",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/61909"
|
|
},
|
|
{
|
|
"name": "https://issues.apache.org/jira/browse/WSS-511",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://issues.apache.org/jira/browse/WSS-511"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:0851",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2015:0236",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2015-0236.html"
|
|
},
|
|
{
|
|
"name": "apache-cxf-cve20143623-sec-bypass(97754)",
|
|
"refsource": "XF",
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"
|
|
}
|
|
]
|
|
}
|
|
} |