Lucene search
Gentoo FoundationMGASA-2014-0552HistoryDec 26, 2014 - 8:04 p.m.
Updated wss4j packages fix CVE-2014-3623
2014-12-2620:04:58
Gentoo Foundation
advisories.mageia.org
9
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.9%
Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors (CVE-2014-3623).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 4 | noarch | wss4j | < 1.6.17-1 | wss4j-1.6.17-1.mga4 |
Related
nessus
nessus
Fedora 21 : wss4j-1.6.17-1.fc21 (2014-13831)
2014-11-03 00:00:00
Fedora 20 : wss4j-1.6.17-1.fc20 (2014-13720)
2014-11-07 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:2019)
2014-12-22 00:00:00
nvd
nvd
CVE-2014-3623
2014-10-30 14:55:07
cve
cve
CVE-2014-3623
2014-10-30 14:55:07
prion
prion
Design/Logic Flaw
2014-10-30 14:55:00
fedora
fedora
[SECURITY] Fedora 20 Update: wss4j-1.6.17-1.fc20
2014-11-07 02:33:29
[SECURITY] Fedora 21 Update: wss4j-1.6.17-1.fc21
2014-11-01 17:15:43
github
github
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
cvelist
cvelist
CVE-2014-3623
2014-10-30 14:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0552)
2022-01-28 00:00:00
Fedora Update for wss4j FEDORA-2014-13720
2014-11-07 00:00:00
ibm
ibm
osv
osv
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
redhat
redhat
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
73.9%
Related for MGASA-2014-0552