Page History

2014

• CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM errors
• CVE-2014-0110: Large invalid content could cause temporary space to fill
• CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid
• CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

2013

• CVE-2013-2160 - Denial of Service Attacks on Apache CXF
• Note on CVE-2012-5575 - XML Encryption backwards compatibility attack on Apache CXF.
• CVE-2013-0239 - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.

...