2015
2014
- CVE-2014-3577: Apache CXF SSL hostname verification bypass
- Note on CVE-2014-3566: SSL 3.0 support in Apache CXF, aka the "POODLE" attack.
- CVE-2014-3623: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding
- CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack
- CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM errors
- CVE-2014-0110: Large invalid content could cause temporary space to fill
- CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid
- CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
...