Main Vulnerability Database SB2016050201

SB2016050201 - Security restrictions bypass in Apache CXF Fediz

Published: May 2, 2016

Security Bulletin ID SB2016050201

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security restrictions bypass (CVE-ID: CVE-2016-4464)

The vulnerability allows a remote authenticated user to bypass security restrictions on the target system.
The weakness is caused by improper access control. Improper evaluation of the AudienceRestriction values of received SAML tokens allows attackers to gain access to different services on the target system.
Successful exploitation of the vulnerability results in access to the services on the vulnerable system.

Remediation

Install update from vendor's website.

References

http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc