Date: Fri, 24 Oct 2014 19:10:21 +0100
From: Colm O hEigeartaigh <>
To: "" <>, "" <>, 
	Apache Security Response Team <>,,
Subject: New security advisories released for Apache CXF

Two new security advisories have been released for Apache CXF:

 - CVE-2014-3623: Apache CXF does not properly enforce the security
semantics of SAML SubjectConfirmation methods when used with the

 - CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial
of Service (DoS) attack

Advisories attached to this mail + also available via the CXF security
advisories page:


Colm O hEigeartaigh

Talend Community Coder


View attachment "CVE-2014-3584.txt.asc" of type "text/plain" (1613 bytes)

View attachment "CVE-2014-3623.txt.asc" of type "text/plain" (1653 bytes)
