CVE-2014-3584: Denial of Service (DoS) via invalid JAX-RS SAML tokens

October 30, 2014 (updated May 14, 2024)

The SamlHeaderInHandler in this package allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

References

cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc
bugzilla.redhat.com/CVE-2014-3584
issues.apache.org/jira/browse/CXF-5390

Code Behaviors & Features

Detect and mitigate CVE-2014-3584 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →