The Apache Santuario XML Security for Java project is vulnerable to a Denial of Service (DoS) type attack leading to an OutOfMemoryError, which is caused by allowing Document Type Definitions (DTDs) when applying Transforms. From the 1.5.6 release onwards, DTDs will not be processed at all when the "secure validation" mode is enabled.
8718e8b28ba92f0c8d1021a89a00f91b0c89c346b43d6b5dba5031eb339cb16cApache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.
265093c0400de4893cfcfb8c5d295612e2d9b4b4da83727f2ebd03463249a7faApache CXF does not verify that elements were signed or encrypted by a particular Supporting Token. This affects all released versions as of 06/08/2012.
c9c7fa7be43cf530477727dcae683b3b6071776b83dccb3e1ab0dc315ec3a472Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side. Apache CXF versions 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.0 are affected.
9192946a363a63b454cdbfe47e3d089546ef6e6058eec8ac012d7080b7e47be8Apache CXF versions 2.4.5 and 2.5.1 fail to validate a WS-Security UsernameToken received as part of the security header of a SOAP request against a WS-SP UsernameToken policy.
b292e2def6610f71ed845303fc918ae45534205d8f616f67a68c79fe20ca97ba
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed