CVE-2016-4464 in CXF Fedizالمعلومات

الملخص

بحسب MITRE

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

حجز

02/05/2016

إفشاء

21/09/2016

الاعتدال

تمت الموافقة

إدخال

VDB-91818

CPE

جاهز

CWE

CWE-284 (مؤكد)

CVSS

9.8 (NVD)

EPSS

0.02058

KEV

لا

النشاطات

منخفض جدًا

القطاع

Chemical, Energy, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4464
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4464
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4464/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!