Apache CXF: CVE-2014-3623 vulnerability in Apache products
Published on October 30, 2014

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.




Exploit Probability

EPSS: 2.49%
Percentile: 85.05%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.