5 matches found
org.apache.cxf:apache-cxf (>=2.7.10 <=2.7.17) potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=2.7.10 <=2.7.17)
org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =2.7.10, =2.7.10, =2.7.17 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...
com.eurodyn.qlack2.util:qlack2-util-apache-santuario-fragment (>=2.3.3 <=2.3.19), com.eurodyn.qlack2.util:qlack2-util-sso (>=2.3.3 <=2.3.19) +10 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.1.0 <=3.1.2)
org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.1.0, =2.3.3, =2.3.3, =1.3.2, =1.4.0, =1.3.2, =1.4.0, =3.1.0, =3.1.0, =2.0.3, =2.0.3, =5.2.0-RC1, =5.2.0-RC3 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...
org.apache.cxf.fediz.systests.federation:fediz-systests-federation-samlIdpWebapp (>=1.2.0 <=1.2.4), org.apache.cxf.fediz:fediz-idp (>=1.2.0 <=1.2.4) +2 more potentially affected by CVE-2015-5253 via org.apache.cxf:cxf-rt-rs-security-sso-saml (>=3.0.0 <=3.0.6)
org.apache.cxf:cxf-rt-rs-security-sso-saml MAVEN version =3.0.0, =1.2.0, =1.2.0, =3.0.5, =3.0.0, =3.0.16 Source cves: CVE-2015-5253 Source advisory: OSV:GHSA-3336-H95J-HVVF...
Moderate: Red Hat Security Advisory: Red Hat JBoss Fuse 6.2.1 update
Red Hat JBoss Fuse 6.2.1 Rollup Patch 1, which fixes one security issue and includes several bug fixes and various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring...
CVE-2015-5253
CVE-2015-5253 affects Apache CXF SAML Web SSO module: remote authenticated bypass via a crafted SAML response with a valid signed assertion, related to a wrapping attack. Affected versions include CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3. The vulnerability can bypass authenti...