The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.
cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc
rhn.redhat.com/errata/RHSA-2014-0797.html
rhn.redhat.com/errata/RHSA-2014-0798.html
rhn.redhat.com/errata/RHSA-2014-0799.html
rhn.redhat.com/errata/RHSA-2014-1351.html
rhn.redhat.com/errata/RHSA-2015-0850.html
rhn.redhat.com/errata/RHSA-2015-0851.html
svn.apache.org/viewvc?view=revision&revision=1551228
www.securityfocus.com/bid/68441
lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E