You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2014/10/24 20:10:21 UTC
New security advisories released for Apache CXF
Two new security advisories have been released for Apache CXF:
- CVE-2014-3623: Apache CXF does not properly enforce the security
semantics of SAML SubjectConfirmation methods when used with the
TransportBinding
- CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial
of Service (DoS) attack
Advisories attached to this mail + also available via the CXF security
advisories page:
http://cxf.apache.org/security-advisories.html
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com