MGASA-2014-0557

Advisory lineage: Upstream 2, Downstream 0
Published: 31 Dec 2014, 12:28
Last modified: 16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

31 Dec 2014, 12:28 - Published (vulnerability first disclosed)
16 Apr 2026, 06:24 - Last modified (vulnerability information updated)

Description

Updated cxf packages fix security vulnerabilities:

An Apache CXF JAX-RS service can process SAML tokens received in the Authorization header of a request via the SamlHeaderInHandler. However, it is possible to cause an infinite loop in the parsing of this header by passing certain bad values for the header, leading to a denial of service against the service (CVE-2014-3584).

Apache CXF is vulnerable to a possible SSL hostname verification bypass, due to a flaw in comparing the server hostname to the domain name in the certificate Subject's DN field. A man-in-the-middle attacker can exploit this vulnerability by using a specially crafted Subject DN to spoof a valid certificate (CVE-2014-3577).

Affected Systems

  • mageia cxf < 2.7.5-3.1.mga4
