CVE-2016-4464 in CXF Fedizinformação

Sumário

de MITRE

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservar

02/05/2016

Divulgação

21/09/2016

Moderação

aceite

Entrada

VDB-91818

CPE

pronto

CWE

CWE-284 (confirmado)

CVSS

9.8 (NVD)

EPSS

0.02058

KEV

não

Atividades

muito baixo

Sector

Hospital, Police, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-4464
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4464
CVE Details	https://www.cvedetails.com/cve/CVE-2016-4464/

◂ Voltar Visão Geral Próximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!