Author: buildbot Date: Fri Oct 24 17:47:26 2014 New Revision: 926710 Log: Production update by buildbot for cxf
Added: websites/production/cxf/content/security-advisories.data/CVE-2014-3584.txt.asc websites/production/cxf/content/security-advisories.data/CVE-2014-3623.txt.asc Modified: websites/production/cxf/content/cache/main.pageCache websites/production/cxf/content/security-advisories.html Modified: websites/production/cxf/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Added: websites/production/cxf/content/security-advisories.data/CVE-2014-3584.txt.asc ============================================================================== --- websites/production/cxf/content/security-advisories.data/CVE-2014-3584.txt.asc (added) +++ websites/production/cxf/content/security-advisories.data/CVE-2014-3584.txt.asc Fri Oct 24 17:47:26 2014 @@ -0,0 +1,49 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of +Service (DoS) attack + +Severity: Major + +Vendor: The Apache Software Foundation + +Versions Affected: + +This vulnerability affects all versions of Apache CXF prior to 3.0.0-milestone1, +2.7.8 and 2.6.11. + +Description: + +An Apache CXF JAX-RS service can process SAML tokens received in the +authorization header of a request via the SamlHeaderInHandler. However it is +possible to cause an infinite loop in the parsing of this header by passing +certain bad values for the header, leading to a Denial of Service attack on +the service. + +This has been fixed in revision: + +https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=commit;h=0b3894f57388b9955f2c33b2295223f2835cd7b3 + +Migration: + +CXF 2.6.x users should upgrade to 2.6.11 or later as soon as possible. +CXF 2.7.x users should upgrade to 2.7.8 or later as soon as possible. +CXF 3.0.x users should upgrade to 3.0.1 or later as soon as possible. + +Credit: This issue was reported by Dario Amiri (GE Global Research) + +References: http://cxf.apache.org/security-advisories.html + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAEBAgAGBQJUNAHJAAoJEGe/gLEK1TmDozkIALZ6S+FaW3j8yEOh4twKdcjO +Gfl3nFuoQJMs3iFNk8TTNmWr9cg33sqhxHRpHiQ9Z/WNibNNZpOKziNu3r1L06eD +M4c+BzFNcpKN6fdoPsB1ivF0OjpYDSyl6fhJ2RwRpR0Jnq6678BfqPh1H/UaUpYC +EduwcKxOZ+Y7dkTz8xFWtPh8C9NfuWK8dOP9XTIXTGwp1MzltTWHDWhSq8Xhhjx0 +oNevLPJi5h9Oy1Rs6tTDQ2L4mdD+4O97wHVixGGVfsrPaW0re/2gZxxZvWY2MxDz +tH6Upwlh5IsLmrawUnknsjM+gyJK4zH+8RkY71VnJZvANY3MOhxbxgiCpr2wdwE= +=MsK3 +-----END PGP SIGNATURE----- Added: websites/production/cxf/content/security-advisories.data/CVE-2014-3623.txt.asc ============================================================================== --- websites/production/cxf/content/security-advisories.data/CVE-2014-3623.txt.asc (added) +++ websites/production/cxf/content/security-advisories.data/CVE-2014-3623.txt.asc Fri Oct 24 17:47:26 2014 @@ -0,0 +1,49 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +CVE-2014-3623: Apache CXF does not properly enforce the security semantics of +SAML SubjectConfirmation methods when used with the TransportBinding + +Severity: Major + +Vendor: The Apache Software Foundation + +Versions Affected: + +This vulnerability affects all versions of Apache CXF prior to 2.7.13 and +3.0.2. + +Description: + +There are different security requirements associated with SAML +SubjectConfirmation methods. These security requirements are not properly +enforced in Apache CXF when used with the TransportBinding, leaving endpoints +that rely on SAML for authentication vulnerable to types of spoofing attacks. + +This has been fixed in revisions (in Apache WSS4J): + +http://svn.apache.org/viewvc?view=revision&revision=1624308 +http://svn.apache.org/viewvc?view=revision&revision=1624287 +http://svn.apache.org/viewvc?view=revision&revision=1624262 + +Migration: + +CXF 2.7.x users should upgrade to 2.7.13 or later as soon as possible. +CXF 3.0.x users should upgrade to 3.0.2 or later as soon as possible. + +Credit: This issue was reported by Dario Amiri (GE Global Research) + +References: http://cxf.apache.org/security-advisories.html + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQEcBAEBAgAGBQJUNAHXAAoJEGe/gLEK1TmD0WIH/jOJNzXZDV8eZBK8+rBCshxH +b2d6w8+aKTaWglMDCEVpPh7EPEDhiOaLeqsN9pfHiuqNSqXX49hFaEDvdN5+7N9Q +21tekKmAP2zuYuVzTgNmrsltUPD4CTb6sH5thecag28XPdbci/fD3LRbKmJtnbpi +zmszV3h9tTd23Dk/O33ehyLeh2Y4xIx3vodACO0GtHWhOmLs46Gy56MY1kfkWryG +bcYCPSSOJ1VN9KVJJAha00zk4xK51gFcdGB5Wm4QxfVcnMJ4Fk3KKM6Y4+UgTJfX +f3xjggCa5DwooZH7NWiccDZ1IMVND4CZ+K/GhLTLAfIL/Sxvd8c1lkFW8NERAeE= +=is33 +-----END PGP SIGNATURE----- Modified: websites/production/cxf/content/security-advisories.html ============================================================================== --- websites/production/cxf/content/security-advisories.html (original) +++ websites/production/cxf/content/security-advisories.html Fri Oct 24 17:47:26 2014 @@ -99,7 +99,7 @@ Apache CXF -- Security Advisories <td height="100%"> <!-- Content --> <div class="wiki-content"> -<div id="ConfluenceContent"><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370000&api=v2">CVE-2014-0109</a>: HTML content posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378000&api=v2">CVE-2014-0110</a>: Large invalid content could cause temporary space to fill</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2">CVE-2014-0034</a>: The SecurityTokenService accepts certain invalid SAML Tokens as valid</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&modificationDate=1398873391000&api=v2">CVE-2014-0035</a>: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3 id="SecurityAdvisories-2013">201 3</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2">CVE-2013-2160</a> - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility attack on Apache CXF.</li><li><a shape="rect" href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3 id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows HTTP Get requests from browser.</li><li><a shape="rect" href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li><li><a shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web serv ices.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul></div> +<div id="ConfluenceContent"><h3 id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2014-3623.txt.asc?version=1&modificationDate=1414169368341&api=v2">CVE-2014-3623</a>: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding</li><li><a shape="rect" href="security-advisories.data/CVE-2014-3584.txt.asc?version=1&modificationDate=1414169326347&api=v2">CVE-2014-3584</a>: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&modificationDate=1398873370000&api=v2">CVE-2014-0109</a>: HTML content posted to SOAP endpoint could cause OOM errors</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&modificationDate=1398873378000&api=v2">CVE-2014-0110</a>: Large invalid content could cause tempora ry space to fill</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&modificationDate=1398873385000&api=v2">CVE-2014-0034</a>: The SecurityTokenService accepts certain invalid SAML Tokens as valid</li><li><a shape="rect" href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&modificationDate=1398873391000&api=v2">CVE-2014-0035</a>: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy</li></ul><h3 id="SecurityAdvisories-2013">2013</h3><ul><li><a shape="rect" href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&modificationDate=1372324301000&api=v2">CVE-2013-2160</a> - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility attack on Apache CXF.</li><li><a shape="rect" href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case of WS-SecurityPolicy enabled plain text UsernameTokens.</li></ul><h3 id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows HTTP Get requests from browser.</li><li><a shape="rect" href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li><li><a shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note on CVE-2011-1096</a> - XML Encryption fla w / Character pattern encoding attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul></div> </div> <!-- Content --> </td>