Lucene search

PRIOn knowledge basePRION:CVE-2016-4464

HistorySep 21, 2016 - 6:59 p.m.

Authentication flaw

2016-09-2118:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

89.0%

JSON

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

CPENameOperatorVersion
cxf_fedizeq1.2.2
cxf_fedizeq1.2.0
cxf_fedizeq1.2.1
cxf_fedizeq1.3.0

Name	Operator	Version
cxf_fediz	eq	1.2.2
cxf_fediz	eq	1.2.0
cxf_fediz	eq	1.2.1
cxf_fediz	eq	1.3.0

References

cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc

www.openwall.com/lists/oss-security/2016/09/08/20

www.securityfocus.com/bid/92905

www.securitytracker.com/id/1036869

git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E