
9 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-2143

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 8 | EPSS 0.01861 | Exploits 0 | References 31
Github Security Blog
added 2022/05/13 1:9 a.m., 24 views

Improper Input Validation in Apache CXF

The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...

CVSS 4.3 | AI score 8.6 | EPSS 0.01861 | Exploits 0 | References 17 | Affected Software 1
RedHat Linux
added 2015/05/14 3:14 p.m., 3 views

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...

CVSS 4.3 | AI score 7.3 | EPSS 0.01861 | Exploits 0 | References 4
RedHat Linux
added 2015/04/16 4:2 p.m., 40 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.0 update

Red Hat JBoss BRMS 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...

CVSS 7.5 | AI score 6.6 | EPSS 0.08392 | Exploits 1 | References 19
RedHat Linux
added 2014/10/01 6:10 p.m., 1 views

CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid

It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...

CVSS 4.3 | AI score 7.3 | EPSS 0.01861 | Exploits 0 | References 4
Cvelist
added 2014/07/07 2:0 p.m., 28 views

CVE-2014-0034

The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...

AI score 6.6 | EPSS 0.01861 | Exploits 0 | References 15
CVE
added 2014/07/07 2:0 p.m., 111 views

CVE-2014-0034

CVE-2014-0034 affects Apache CXF: the SecurityTokenService (STS) does not properly validate SAML tokens when caching is enabled, enabling a remote attacker to gain access with an invalid SAML token. Affected: CXF before 2.6.12 and 2.7.x before 2.7.9. Root cause: inadequate validation of SAML toke...

CVSS 4.3 | AI score 8.5 | EPSS 0.01861 | Exploits 0 | References 15 | Affected Software 1
RedHat Linux
added 2014/06/26 3:16 p.m., 41 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.4 and fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security...

CVSS 5 | AI score 7.3 | EPSS 0.06069 | Exploits 0 | References 19
RedHat Linux
added 2014/06/26 3:11 p.m., 47 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.2.4 and fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate security...

CVSS 5 | AI score 7.3 | EPSS 0.06069 | Exploits 0 | References 19