21 matches found
EUVD-2008-5391
Malware in sbrugna...
EUVD-2022-2021
Malicious code in bioql PyPI...
EUVD-2022-4683
Malicious code in bioql PyPI...
Cleartext Transmission of Sensitive Information in Apache CXF
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...
GHSA-V45R-RJ5X-HPG2 Cleartext Transmission of Sensitive Information in Apache CXF
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...
Improper Authentication in Apache CXF
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element...
CVE-2012-0803
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...
CVE-2012-0803
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request...
CVE-2012-0803
Apache CXF CVE-2012-0803 affects CXF 2.4.5 and 2.5.1 where WS-SP UsernameToken policy validation against the security header UsernameToken is broken, allowing a malicious client to bypass authentication by sending an empty UsernameToken in a SOAP request. The issue arises from CXF not validating ...
CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...
CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing th...
Important: Red Hat Security Advisory: apache-cxf security update
An updated apache-cxf package for JBoss Enterprise Application Platform 6.0.1 which fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CV...
CVE-2013-0239
CVE-2013-0239 affects Apache CXF: versions before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3. When plaintext UsernameToken WS-SecurityPolicy is enabled, a security header containing a UsernameToken element with no password can bypass authentication. This is an authentication bypass vulnera...
CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly
Severity: Important. Vendor: The Apache Software Foundation. Versions Affected: Apache CXF 2.4.5 and 2.5.1. Description: CXF does not validate a WS-Security UsernameToken receiv...
WebSphere 7.0.0.3 UsernameToken Security Vulnerability
No description provided by source...
IBM WebSphere Application Server < 6.1.0.23 Multiple Flaws
IBM WebSphere Application Server 6.1 before Fix Pack 23 appears to be installed on the remote host. Such versions are reportedly affected by multiple vulnerabilities: - Provided an attacker has valid credentials, it may be possible to hijack an authenticated session. PK66676 - It may be possible...
Code injection
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors...
CVE-2009-1172
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors...
Security feature bypass
Unspecified vulnerability in the Feature Pack for Web Services in the Web Services Security component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 has unknown impact and attack vectors related to "userNameToken."...
CVE-2008-5414
IBM WebSphere Application Server 7.0 before Fix Pack 1 (i.e., before 7.0.0.1) is affected by a vulnerability in the Feature Pack for Web Services Web Services Security component related to the userNameToken, potentially enabling information disclosure. Connective sources (NVD/NVD-derived content ...