CVE-2014-0035 in CXFinformazioni

Riassunto

di MITRE

The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Prenotare

03/12/2013

Divulgazione

07/07/2014

Moderazione

accettato

CPE

pronto

EPSS

0.07053

KEV

no

Attività

molto basso

Fonti

Might our Artificial Intelligence support you?

Check our Alexa App!