Home

CVE-2014-0034

Description

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Risk Information

Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
1.861

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2014-0034 are fixed in Apache-cxf-rt-ws-security 2.6.12Windows
Vulnerabilities CVE-2014-0034 are fixed in Apache-cxf-rt-ws-security 2.7.9Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.0.0Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 6.2.0Windows
Vulnerabilities CVE-2014-0034 are fixed in Apache-cxf-rt-ws-security for Linux 2.6.12Linux
Vulnerabilities CVE-2014-0034 are fixed in Apache-cxf-rt-ws-security for Linux 2.7.9Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234