11 matches found
Security Bulletin: A vulnerability in Apache WSS4J affects IBM Tivoli Business Service Manager (CVE-2014-3623)
Summary Apache WSS4J is shipped with IBM Tivoli Business Manager 6.2.0 as part of its web services infrastructure. Information about security vulnerabilities affecting Apache WSS4J has been published in a security bulletin. Vulnerability Details CVEID:CVE-2014-3623 DESCRIPTION: Apache CXF could...
br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=1.2.2), com.cybersource:cybersource-sdk-java (>=6.0.1 <=6.1.0) +333 more potentially affected by CVE-2014-3623 via org.apache.ws.security:wss4j (>=1.5.2 <=1.6.16)
org.apache.ws.security:wss4j MAVEN version =1.5.2, =1.2.1, =6.0.1, =1.0, =1.0.1, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta5, =1.1.0.Beta1, =1.0.0, =1.2.0 and more Source cves: CVE-2014-3623 Source advisory: OSV:GHSA-99V3-9X35-C5VF...
Mageia: Security Advisory (MGASA-2014-0552)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.1.0 update
Red Hat JBoss Data Virtualization 6.1.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
MGASA-2014-0552 Updated wss4j packages fix CVE-2014-3623
Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...
Updated wss4j packages fix CVE-2014-3623
Updated wss4j packages fixes security vulnerability: Apache WSS4J before 1.6.17, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors CVE-2014-3623...
RHEL 5 / 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.3.2 (RHSA-2014:2019)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:2019 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.3.2 security update
Updated Red Hat JBoss Enterprise Application Platform 6.3.2 packages that fix three security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
Fedora Update for wss4j FEDORA-2014-13720
Check the version of wss4j SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868458";...
Fedora 20 : wss4j-1.6.17-1.fc20 (2014-13720)
Security fix for CVE-2014-3623 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...
CVE-2014-3623
CVE-2014-3623 affects Apache WSS4J (used in Apache CXF) where, when configured with TransportBinding, it fails to properly enforce SAML SubjectConfirmation security semantics, enabling possible remote spoofing of web service endpoints. Affected versions: WSS4J before 1.6.17 and 2.x before 2.0.2 (...