Lucene search
RedhatCVELIST:CVE-2014-3623HistoryOct 30, 2014 - 2:00 p.m.
CVE-2014-3623
2014-10-3014:00:00
redhat
raw.githubusercontent.com
3
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
Related
nessus
nessus
Fedora 21 : wss4j-1.6.17-1.fc21 (2014-13831)
2014-11-03 00:00:00
Fedora 20 : wss4j-1.6.17-1.fc20 (2014-13720)
2014-11-07 00:00:00
RHEL 5 / 6 / 7 : JBoss EAP (RHSA-2014:2019)
2014-12-22 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: wss4j-1.6.17-1.fc20
2014-11-07 02:33:29
[SECURITY] Fedora 21 Update: wss4j-1.6.17-1.fc21
2014-11-01 17:15:43
github
github
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
prion
prion
Design/Logic Flaw
2014-10-30 14:55:00
cve
cve
CVE-2014-3623
2014-10-30 14:55:00
mageia
mageia
Updated wss4j packages fix CVE-2014-3623
2014-12-26 20:04:58
osv
osv
Improper Authentication in Apache WSS4J
2022-05-13 01:09:20
openvas
openvas
Fedora Update for wss4j FEDORA-2014-13720
2014-11-07 00:00:00
Mageia: Security Advisory (MGASA-2014-0552)
2022-01-28 00:00:00
ibm
ibm
redhat
redhat
(RHSA-2015:0236) Moderate: Red Hat JBoss Fuse/A-MQ 6.1.0 security and bug fix update
2015-02-18 21:24:02
(RHSA-2014:2019) Important: Red Hat JBoss Enterprise Application Platform 6.3.2 security update
2014-12-18 00:00:00
(RHSA-2015:0851) Important: Red Hat JBoss BPM Suite 6.1.0 update
2015-04-16 16:01:23