Lucene search

K

RedhatCVELIST:CVE-2014-0035

HistoryJul 07, 2014 - 2:00 p.m.

CVE-2014-0035

2014-07-0714:00:00

redhat

www.cve.org

7

AI Score

6

Confidence

Low

EPSS

0.002

Percentile

59.4%

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

References

cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc

rhn.redhat.com/errata/RHSA-2014-0797.html

rhn.redhat.com/errata/RHSA-2014-0798.html

rhn.redhat.com/errata/RHSA-2014-0799.html

rhn.redhat.com/errata/RHSA-2014-1351.html

rhn.redhat.com/errata/RHSA-2015-0850.html

rhn.redhat.com/errata/RHSA-2015-0851.html

svn.apache.org/viewvc?view=revision&revision=1564724

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

AI Score

6

Confidence

Low

EPSS

0.002

Percentile

59.4%

Related for CVELIST:CVE-2014-0035

cve1 github1 nvd1 prion1 osv1 nessus2 redhat6 veracode1 f52 ibm1