7 matches found
Mageia: Security Advisory (MGASA-2016-0243)
The remote host is missing an update for the...
org.apache.cxf.fediz.examples:springPreauthWebapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.examples:springWebapp (>=1.2.0 <=1.2.2) +3 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp (=1.3.0), org.apache.cxf.fediz.examples:springPreauthWebapp (=1.3.0) +4 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring (=1.3.0)
org.apache.cxf.fediz:fediz-spring MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring and may be impacted: - org.apache.cxf.fediz.examples:jaxrsSpringSecurityWebapp =1.3.0 -...
org.apache.cxf.fediz.examples:spring2Webapp (>=1.2.0 <=1.2.2), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (>=1.2.0 <=1.2.2) +1 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring2 (>=1.2.0 <=1.2.2)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.2 Source cves: CVE-2016-4464 Source advisory: OSV:GHSA-QPWJ-MVV7-V3M9...
org.apache.cxf.fediz.examples:spring2Webapp (=1.3.0), org.apache.cxf.fediz.systests.webapps:fediz-systests-webapps-spring2 (=1.3.0) +1 more potentially affected by CVE-2016-4464 via org.apache.cxf.fediz:fediz-spring2 (=1.3.0)
org.apache.cxf.fediz:fediz-spring2 MAVEN version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf.fediz:fediz-spring2 and may be impacted: - org.apache.cxf.fediz.examples:spring2Webapp =1.3.0 -...
CVE-2016-4464
CVE-2016-4464 affects Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1. The issue is a mismatch between SAML AudienceRestriction values and configured audience URIs, which may allow a remote attacker to bypass intended restrictions by presenting a crafted SAML token with a trusted signa...
Updated xerces-c packages fix security vulnerability
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker CVE-2016-4464...