Colm O hEigeartaigh
2014-04-30 17:08:43 UTC
Four new security advisories have been disclosed for Apache CXF. They are:
* CVE-2014-0109: HTML content posted to SOAP endpoint could cause OOM
errors
* CVE-2014-0110: Large invalid content could cause temporary space to fill
* CVE-2014-0034: The SecurityTokenService accepts certain invalid SAML
Tokens as valid
* CVE-2014-0035: UsernameTokens are sent in plaintext with a Symmetric
EncryptBeforeSigning policy
Please see the security advisories page of Apache CXF for more information:
http://cxf.apache.org/security-advisories.html
Users are strongly encouraged to upgrade to the latest releases (2.6.14 and
2.7.11).
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com