2014

  • CVE-2014-3623: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding
  • CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack
  • CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM errors
  • CVE-2014-0110: Large invalid content could cause temporary space to fill
  • CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid
  • CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

2013

  • CVE-2013-2160 - Denial of Service Attacks on Apache CXF
  • Note on CVE-2012-5575 - XML Encryption backwards compatibility attack on Apache CXF.
  • CVE-2013-0239 - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.

2012

  • CVE-2012-5633 - WSS4JInInterceptor always allows HTTP Get requests from browser.
  • Note on CVE-2011-2487 - Bleichenbacher attack against distributed symmetric key in WS-Security.
  • CVE-2012-3451 - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.
  • CVE-2012-2379 - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.
  • CVE-2012-2378 - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.
  • Note on CVE-2011-1096 - XML Encryption flaw / Character pattern encoding attack.
  • CVE-2012-0803 - Apache CXF does not validate UsernameToken policies correctly.

2010