cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache CXF > Security Advisories
Date Mon, 23 Apr 2012 09:27:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/15/_/styles/combined.css?spaceKey=CXF&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CXF/Security+Advisories">Security
Advisories</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~coheigea@apache.org">Colm
O hEigeartaigh</a>
    </h4>
        <br/>
                         <h4>Changes (2)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
* [ Note on CVE-2011-1096|Note on CVE-2011-1096] - XML Encryption flaw / Character pattern
encoding attack. <br></td></tr>
            <tr><td class="diff-unchanged" > * [CVE-2012-0803|CVE-2012-0803] -
Apache CXF does not validate UsernameToken policies correctly. <br> * [CVE-2010-2076|http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf]
- DTD based XML attacks. <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">.
<br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <ul>
	<li>[ Note on CVE-2011-1096|Note on CVE-2011-1096] - XML Encryption flaw / Character
pattern encoding attack.</li>
	<li><a href="/confluence/display/CXF/CVE-2012-0803" title="CVE-2012-0803">CVE-2012-0803</a>
- Apache CXF does not validate UsernameToken policies correctly.</li>
	<li><a href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf"
class="external-link" rel="nofollow">CVE-2010-2076</a> - DTD based XML attacks.</li>
</ul>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/CXF/Security+Advisories">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=27837502&revisedVersion=4&originalVersion=3">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/CXF/Security+Advisories?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message