Author: buildbot
Date: Tue Aug 25 15:47:36 2015
New Revision: 963055
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/security-advisories.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/security-advisories.html
==============================================================================
--- websites/production/cxf/content/security-advisories.html (original)
+++ websites/production/cxf/content/security-advisories.html Tue Aug 25
15:47:36 2015
@@ -99,7 +99,7 @@ Apache CXF -- Security Advisories
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3577.txt.asc?version=1&modificationDate=1419245371000&api=v2"
data-linked-resource-id="51183657" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3577.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-3577</a>: Apache CXF SSL
hostname verification bypass</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3566.txt.asc?version=1&modificationDate=1418740474000&api=v2"
data-linked-resource-id="50561078" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3566.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain" data-linked-resource-contai
ner-id="27837502" data-linked-resource-container-version="18">Note on
CVE-2014-3566</a>: SSL 3.0 support in Apache CXF, aka the "POODLE"
attack.</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3623.txt.asc?version=1&modificationDate=1414169368000&api=v2"
data-linked-resource-id="47743195" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3623.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-3623</a>: Apache CXF does
not properly enforce the security semantics of SAML SubjectConfirmation methods
when used with the TransportBinding</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3584.txt.asc?version=1&modificationDate=1414169326000&api=v2"
data-linked-resource-id="47743194" data-linked-resource-version="1"
data-linked-resource-type="attachmen
t" data-linked-resource-default-alias="CVE-2014-3584.txt.asc"
data-nice-type="Text File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-3584</a>: Apache CXF
JAX-RS SAML handling is vulnerable to a Denial of Service (DoS)
attack</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370000&api=v2"
data-linked-resource-id="40895138" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0109.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-0109</a>: HTML content
posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378000&api
=v2" data-linked-resource-id="40895139" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0110.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-0110</a>: Large invalid
content could cause temporary space to fill</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2"
data-linked-resource-id="40895140" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0034.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-0034</a>: The
SecurityTokenService accepts certain invalid SAML Tokens as valid</li><li><a
shape="rect" href="secu
rity-advisories.data/CVE-2014-0035.txt.asc?version=1&modificationDate=1398873391000&api=v2"
data-linked-resource-id="40895141" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0035.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="18">CVE-2014-0035</a>: UsernameTokens
are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3
id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2"
data-linked-resource-id="33095710" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2013-2160.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="2783750
2" data-linked-resource-container-version="18">CVE-2013-2160</a> - Denial of
Service Attacks on Apache CXF</li><li><a shape="rect"
href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards
compatibility attack on Apache CXF.</li><li><a shape="rect"
href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case
of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3
id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect"
href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows
HTTP Get requests from browser.</li><li><a shape="rect"
href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher
attack against distributed symmetric key in WS-Security.</li><li><a
shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is
vulnerable to SOAP Action spoofing attacks on Document Literal web
services.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> -
Apache CXF does n
ot verify that elements were signed or encrypted by a particular Supporting
Token.</li><li><a shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> -
Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1
SupportingToken policy assertions on the client side.</li><li><a shape="rect"
href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption
flaw / Character pattern encoding attack.</li><li><a shape="rect"
href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate
UsernameToken policies correctly.</li></ul><h3
id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a>
- DTD based XML attacks.</li></ul></div>
+<div id="ConfluenceContent"><h3
id="SecurityAdvisories-2015">2015</h3><p> </p><h3
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2014-3577.txt.asc?version=1&modificationDate=1419245371000&api=v2"
data-linked-resource-id="51183657" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3577.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-3577</a>: Apache CXF SSL
hostname verification bypass</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3566.txt.asc?version=1&modificationDate=1418740474000&api=v2"
data-linked-resource-id="50561078" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3566.txt.asc" data-nice-type="Text
File" data-linked-resourc
e-content-type="text/plain" data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">Note on CVE-2014-3566</a>: SSL 3.0
support in Apache CXF, aka the "POODLE" attack.</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3623.txt.asc?version=1&modificationDate=1414169368000&api=v2"
data-linked-resource-id="47743195" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3623.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-3623</a>: Apache CXF does
not properly enforce the security semantics of SAML SubjectConfirmation methods
when used with the TransportBinding</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-3584.txt.asc?version=1&modificationDate=1414169326000&api=v2"
data-linked-resource-id="47743194" data-linked-re
source-version="1" data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-3584.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-3584</a>: Apache CXF
JAX-RS SAML handling is vulnerable to a Denial of Service (DoS)
attack</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370000&api=v2"
data-linked-resource-id="40895138" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0109.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-0109</a>: HTML content
posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0110.txt.a
sc?version=1&modificationDate=1398873378000&api=v2"
data-linked-resource-id="40895139" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0110.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-0110</a>: Large invalid
content could cause temporary space to fill</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2"
data-linked-resource-id="40895140" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0034.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-0034</a>: The
SecurityTokenService accepts certain invalid
SAML Tokens as valid</li><li><a shape="rect"
href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&modificationDate=1398873391000&api=v2"
data-linked-resource-id="40895141" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2014-0035.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type="text/plain"
data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2014-0035</a>: UsernameTokens
are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3
id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect"
href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2"
data-linked-resource-id="33095710" data-linked-resource-version="1"
data-linked-resource-type="attachment"
data-linked-resource-default-alias="CVE-2013-2160.txt.asc" data-nice-type="Text
File" data-linked-resource-content-type=
"text/plain" data-linked-resource-container-id="27837502"
data-linked-resource-container-version="19">CVE-2013-2160</a> - Denial of
Service Attacks on Apache CXF</li><li><a shape="rect"
href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards
compatibility attack on Apache CXF.</li><li><a shape="rect"
href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case
of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3
id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect"
href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows
HTTP Get requests from browser.</li><li><a shape="rect"
href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher
attack against distributed symmetric key in WS-Security.</li><li><a
shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is
vulnerable to SOAP Action spoofing attacks on Document Literal web
services.</li><li><a shape="rect" href="cv
e-2012-2379.html">CVE-2012-2379</a> - Apache CXF does not verify that elements
were signed or encrypted by a particular Supporting Token.</li><li><a
shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not
pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy
assertions on the client side.</li><li><a shape="rect"
href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption
flaw / Character pattern encoding attack.</li><li><a shape="rect"
href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate
UsernameToken policies correctly.</li></ul><h3
id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect"
class="external-link"
href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a>
- DTD based XML attacks.</li></ul></div>
</div>
<!-- Content -->
</td>
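Review bot: The new h3 id="SecurityAdvisories-2015" heading at the start of the added ConfluenceContent div is followed only by <p> </p> and then the 2014 heading, so this production update publishes an empty 2015 section with no advisory list under it. Either hold the heading back until the first 2015 entry is ready, or add the <ul><li>...</li></ul> for that entry in the same update so the section is not blank. The only other visible difference is data-linked-resource-container-version going from "18" to "19" on each attachment link; because the whole div is emitted as a single line, that version bump and the new heading are hard to pick out from the unchanged advisory entries, so it is worth confirming that no existing href or title was altered.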