cxf-dev mailing list archives

From Colm O hEigeartaigh <>
Subject [ANNOUNCE] - New security advisories for Apache CXF
Date Wed, 30 Apr 2014 17:08:43 GMT
Four new security advisories have been disclosed for Apache CXF. They are:

 * CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM
 * CVE-2014-0110: Large invalid content could cause temporary space to fill
 * CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML Tokens as valid
 * CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy

Please see the security advisories page of Apache CXF for more information:

Users are strongly encouraged to upgrade to the latest releases (2.6.14 and


Colm O hEigeartaigh

Talend Community Coder
