Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.8 views

CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...

4.3CVSS7.3AI score0.07053EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.7 views

CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...

4.3CVSS7.3AI score0.07053EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/10/01 6:10 p.m.7 views

CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...

4.3CVSS7.3AI score0.07053EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/06/28 12:0 a.m.39 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.2.4 update (Moderate) (RHSA-2014:0799)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0799 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an op...

5CVSS7.9AI score0.07405EPSS
Exploits0References26
RedHat Linux
RedHat Linux
added 2014/06/26 3:11 p.m.5 views

CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...

4.3CVSS7.3AI score0.07053EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/06/26 3:0 p.m.8 views

CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...

4.3CVSS7.3AI score0.07053EPSS
Exploits0References4
Rows per page
Query Builder