6 matches found
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.2.4 update (Moderate) (RHSA-2014:0799)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:0799 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. Apache CXF is an op...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...
CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF...