Bug 1157330 (CVE-2014-3584)
Summary: | CVE-2014-3584 Apache CXF: Denial of Service (DoS) via invalid JAX-RS SAML tokens | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Arun Babu Neelicattu <aneelica> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | asoldano, bleanhar, ccoleman, cdewolf, chazlett, dandread, darran.lofthouse, dmcphers, fnasser, grocha, huwang, jawilson, jcoleman, jialiu, jokerman, lgao, lmeyer, mmccomas, myarboro, pslavice, rsvoboda, rzhang, soa-p-jira, tkirby, vtunka, weli |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | cxf 2.6.11, cxf 2.7.8, cxf 3.0.0-milestone1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2021-10-20 10:47:29 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1157305, 1157331, 1157332, 1157935, 1157937, 1158224 | ||
Bug Blocks: | 1157339 |
Description
Arun Babu Neelicattu
2014-10-27 03:37:42 UTC
Created cxf tracking bugs for this issue: Affects: fedora-all [bug 1157305] Statement: This issue did not affect Apache CXF as shipped with Red Hat JBoss Enterprise Application Platform 5 and 6; Red Hat JBoss Enterprise Web Platform 5; Red Hat JBoss SOA Platform 5; Red Hat JBoss Fuse Service Works 6; Red Hat JBoss BRMS 5 and 6; Red Hat JBoss BPM Suite 6; Red Hat JBoss Data Virtualization 6; Red Hat JBoss Operations Network 3 and Red Hat JBoss Portal Platform 6 as the REST Web Services endpoints are not available. Fuse ESB Enterprise 7 is now in Maintenance Support phase receiving only qualified Important and Critical impact security fixes. This issue has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Fuse Product Life Cycle: https://access.redhat.com/support/policy/updates/fusesource/ |