CVE-2016-4464
Description
The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.058
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-4464 are fixed in Apache - Fediz Spring 1.2.3 | Windows |
| Vulnerabilities CVE-2016-4464 are fixed in Apache - Fediz Spring 1.3.1 | Windows |
| Vulnerabilities CVE-2016-4464 are fixed in Apache-fediz-spring2 1.2.3 | Windows |
| Vulnerabilities CVE-2016-4464 are fixed in Apache-fediz-spring2 1.3.1 | Windows |
| Vulnerabilities CVE-2016-4464 are fixed in Apache - Fediz Spring for Linux 1.2.3 | Linux |
| Vulnerabilities CVE-2016-4464 are fixed in Apache - Fediz Spring for Linux 1.3.1 | Linux |
| Vulnerabilities CVE-2016-4464 are fixed in Apache-fediz-spring2 for Linux 1.2.3 | Linux |
| Vulnerabilities CVE-2016-4464 are fixed in Apache-fediz-spring2 for Linux 1.3.1 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234