CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-03-30 00:40:29 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ef21a24366f7bbc1220842143b6857a7549ce607
CVEs-PoC/2014/CVE-2014-3623.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

770 B
Raw Blame History

CVE-2014-3623

Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink