Date: Fri, 24 Oct 2014 19:10:21 +0100
From: Colm O hEigeartaigh <>
To: "" <>, "" <>, 
	Apache Security Response Team <>,,
Subject: New security advisories released for Apache CXF

Two new security advisories have been released for Apache CXF:

 - CVE-2014-3623: Apache CXF does not properly enforce the security
semantics of SAML SubjectConfirmation methods when used with the

 - CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial
of Service (DoS) attack

Advisories attached to this mail + also available via the CXF security
advisories page:


Colm O hEigeartaigh

Talend Community Coder

View attachment "CVE-2014-3584.txt.asc" of type "text/plain" (1613 bytes)

View attachment "CVE-2014-3623.txt.asc" of type "text/plain" (1653 bytes)
