Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache CXF SAML SubjectConfirmation 授权问题漏洞
Vulnerability Description
Apache WSS4J是美国阿帕奇(Apache)软件基金会的一个Web服务安全规范(OASIS Web Service Security,WS-Security)的Java实现,它主要用来对SOAP消息进行签名和校验。 Apache CXF 2.7.13之前2.7.x版本和3.0.2之前3.0.x版本使用的Apache WSS4J 1.6.17之前版本和2.0.2之前2.x版本中存在授权问题漏洞,该漏洞源于程序使用TransportBinding时,没有正确执行SAML SubjectConfirma
CVSS Information
N/A
Vulnerability Type
N/A