Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 24 Oct 2014 19:10:21 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>, 
	Apache Security Response Team <security@...che.org>, oss-security@...ts.openwall.com, 
	bugtraq@...urityfocus.com
Subject: New security advisories released for Apache CXF

Two new security advisories have been released for Apache CXF:

 - CVE-2014-3623: Apache CXF does not properly enforce the security
semantics of SAML SubjectConfirmation methods when used with the
TransportBinding

 - CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial
of Service (DoS) attack

Advisories attached to this mail + also available via the CXF security
advisories page:

http://cxf.apache.org/security-advisories.html

Colm.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Content of type "text/html" skipped

View attachment "CVE-2014-3584.txt.asc" of type "text/plain" (1613 bytes)

View attachment "CVE-2014-3623.txt.asc" of type "text/plain" (1653 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ