CVE-2014-3623: Improper security semantics enforcement of SAML SubjectConfirmation methods

October 30, 2014 (updated April 13, 2018)

This package when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

References

cxf.apache.org/security-advisories.data/CVE-2014-3623.txt.asc
bugzilla.redhat.com/CVE-2014-3623

Code Behaviors & Features

Detect and mitigate CVE-2014-3623 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →