8 matches found
ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), com.argonio.gora:gora-accumulo (>=0.5 <=0.5.1) +94 more potentially affected by CVE-2014-3584 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.5.0 <=2.6.10)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.5.0, =1.9.0, =0.5, =0.5, =0.5, =0.5, =0.5, =0.5, =0.5, =1.0.M1, =1.0.M1, =1.0.M2, =0.6.1, =0.9 and more Source cves: CVE-2014-3584 Source advisory: OSV:GHSA-GW5J-77F9-V2G2...
com.argusoft:medplat_core (>=0.0.1 <=0.0.11), com.argusoft:medplat_lms (=0.0.1) +63 more potentially affected by CVE-2014-3584 via org.apache.cxf:cxf-rt-frontend-jaxrs (=3.0.0)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-frontend-jaxrs and may be impacted: - com.argusoft:medplat_core =0.0.1, =0.1.0, =0.1.0, =0.0.6, =0.0.6, =0.0.6, =0.0.6, =0.0....
com.github.livesense:org.liveSense.sample.webServiceServlet (>=1.0.3 <=1.0.5), com.github.livesense:org.liveSense.service.cxf (>=1.0.3 <=1.0.5) +286 more potentially affected by CVE-2014-3584 via org.apache.cxf:cxf-rt-frontend-jaxrs (>=2.7.0 <=2.7.7)
org.apache.cxf:cxf-rt-frontend-jaxrs MAVEN version =2.7.0, =1.0.3, =1.0.3, =1.5, =1.5, =1.5, =1.5, =0.2.0, =0.2.0, =1.0.0, =0.4.0, =0.4.1, =0.6.0 - com.treelogic-swe:aws-mock =1.0 and more Source cves: CVE-2014-3584 Source advisory: OSV:GHSA-GW5J-77F9-V2G2...
Mageia: Security Advisory (MGASA-2014-0557)
The remote host is missing an update for the...
Security Bulletin: IBM Security Guardium is affected by Using Components with Known vulnerabilities (multiple CVEs)
Summary IBM Security Guardium is affected by Using Components with Known vulnerabilities. IBM Security Guardium has fixed these vulnerabilities Vulnerability Details CVEID: CVE-2014-3584 DESCRIPTION: Apache CXF is vulnerable to a denial of service, caused by the processing of SAML tokens received...
Updated cxf packages fix security vulnerabilities
Updated cxf packages fix security vulnerabilities: An Apache CXF JAX-RS service can process SAML tokens received in the authorization header of a request via the SamlHeaderInHandler. However it is possible to cause an infinite loop in the parsing of this header by passing certain bad values for t...
CVE-2014-3584
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service...
CVE-2014-3584
The vulnerability CVE-2014-3584 affects Apache CXF’s SamlHeaderInHandler. In CXF versions before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1, a crafted SAML token in the authorization header to a JAX-RS service can trigger an infinite loop, causing a denial of service. Remediation is to up...