svn commit: r922341 [3/3] - in /websites/production/cxf/content: ./ 2008/10/23/ cache/

buildbot Mon, 15 Sep 2014 19:48:36 -0700

Modified: websites/production/cxf/content/security-advisories.html
==============================================================================
--- websites/production/cxf/content/security-advisories.html (original)
+++ websites/production/cxf/content/security-advisories.html Tue Sep 16 
02:47:52 2014
@@ -99,7 +99,7 @@ Apache CXF -- Security Advisories
          <td height="100%">
            <!-- Content -->
            <div class="wiki-content">
-<div id="ConfluenceContent"><h3 
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&amp;modificationDate=1398873370740&amp;api=v2">CVE-2014-0109</a>:
 HTML content posted to SOAP endpoint could cause OOM errors</li><li><a 
shape="rect" 
href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&amp;modificationDate=1398873378628&amp;api=v2">CVE-2014-0110</a>:
 Large invalid content could cause temporary space to fill</li><li><a 
shape="rect" 
href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&amp;modificationDate=1398873385252&amp;api=v2">CVE-2014-0034</a>:
 The SecurityTokenService accepts certain invalid SAML Tokens as 
valid</li><li><a shape="rect" 
href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&amp;modificationDate=1398873391788&amp;api=v2">CVE-2014-0035</a>:
 UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning 
policy</li></ul><h3 id="SecurityAdvisories-2013">201
 3</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&amp;modificationDate=1372324301000&amp;api=v2">CVE-2013-2160</a>
 - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" 
href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards 
compatibility attack on Apache CXF.</li><li><a shape="rect" 
href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case 
of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3 
id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" 
href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows 
HTTP Get requests from browser.</li><li><a shape="rect" 
href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher 
attack against distributed symmetric key in WS-Security.</li><li><a 
shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is 
vulnerable to SOAP Action spoofing attacks on Document Literal web serv
 ices.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - 
Apache CXF does not verify that elements were signed or encrypted by a 
particular Supporting Token.</li><li><a shape="rect" 
href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some 
child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on 
the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note 
on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding 
attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - 
Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 
id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" 
class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf";>CVE-2010-2076</a>
 - DTD based XML attacks.</li></ul></div>
+<div id="ConfluenceContent"><h3 
id="SecurityAdvisories-2014">2014</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2014-0109.txt.asc?version=1&amp;modificationDate=1398873370000&amp;api=v2">CVE-2014-0109</a>:
 HTML content posted to SOAP endpoint could cause OOM errors</li><li><a 
shape="rect" 
href="security-advisories.data/CVE-2014-0110.txt.asc?version=1&amp;modificationDate=1398873378000&amp;api=v2">CVE-2014-0110</a>:
 Large invalid content could cause temporary space to fill</li><li><a 
shape="rect" 
href="security-advisories.data/CVE-2014-0034.txt.asc?version=1&amp;modificationDate=1398873385000&amp;api=v2">CVE-2014-0034</a>:
 The SecurityTokenService accepts certain invalid SAML Tokens as 
valid</li><li><a shape="rect" 
href="security-advisories.data/CVE-2014-0035.txt.asc?version=1&amp;modificationDate=1398873391000&amp;api=v2">CVE-2014-0035</a>:
 UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning 
policy</li></ul><h3 id="SecurityAdvisories-2013">201
 3</h3><ul><li><a shape="rect" 
href="security-advisories.data/CVE-2013-2160.txt.asc?version=1&amp;modificationDate=1372324301000&amp;api=v2">CVE-2013-2160</a>
 - Denial of Service Attacks on Apache CXF</li><li><a shape="rect" 
href="cve-2012-5575.html">Note on CVE-2012-5575</a> - XML Encryption backwards 
compatibility attack on Apache CXF.</li><li><a shape="rect" 
href="cve-2013-0239.html">CVE-2013-0239</a> - Authentication bypass in the case 
of WS-SecurityPolicy enabled plaintext UsernameTokens.</li></ul><h3 
id="SecurityAdvisories-2012">2012</h3><ul><li><a shape="rect" 
href="cve-2012-5633.html">CVE-2012-5633</a> - WSS4JInInterceptor always allows 
HTTP Get requests from browser.</li><li><a shape="rect" 
href="note-on-cve-2011-2487.html">Note on CVE-2011-2487</a> - Bleichenbacher 
attack against distributed symmetric key in WS-Security.</li><li><a 
shape="rect" href="cve-2012-3451.html">CVE-2012-3451</a> - Apache CXF is 
vulnerable to SOAP Action spoofing attacks on Document Literal web serv
 ices.</li><li><a shape="rect" href="cve-2012-2379.html">CVE-2012-2379</a> - 
Apache CXF does not verify that elements were signed or encrypted by a 
particular Supporting Token.</li><li><a shape="rect" 
href="cve-2012-2378.html">CVE-2012-2378</a> - Apache CXF does not pick up some 
child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on 
the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html">Note 
on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding 
attack.</li><li><a shape="rect" href="cve-2012-0803.html">CVE-2012-0803</a> - 
Apache CXF does not validate UsernameToken policies correctly.</li></ul><h3 
id="SecurityAdvisories-2010">2010</h3><ul><li><a shape="rect" 
class="external-link" 
href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf";>CVE-2010-2076</a>
 - DTD based XML attacks.</li></ul></div>
            </div>
            <!-- Content -->
          </td>


Modified: websites/production/cxf/content/using-ws-policy-in-cxf-projects.html
==============================================================================
--- websites/production/cxf/content/using-ws-policy-in-cxf-projects.html 
(original)
+++ websites/production/cxf/content/using-ws-policy-in-cxf-projects.html Tue 
Sep 16 02:47:52 2014
@@ -123,7 +123,7 @@ Apache CXF -- Using WS-Policy in CXF pro
 <div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="theme: Default; brush: xml; gutter: false" 
type="syntaxhighlighter"><![CDATA[
 &lt;wsdl:definitions name=&quot;HelloWorld&quot; 
targetNamespace=&quot;http://apache.org/hello_world_soap_http&quot; 
-É
+â¦
 &lt;wsdl:service name=&quot;SOAPService&quot;&gt;
     &lt;wsdl:port binding=&quot;tns:Greeter_SOAPBinding&quot; 
name=&quot;SoapPort&quot;&gt;
         &lt;soap:address 
location=&quot;http://localhost:9000/SoapContext/SoapPort&quot;/&gt;

svn commit: r922341 [3/3] - in /websites/production/cxf/content: ./ 2008/10/23/ cache/

Reply via email to