What is CVE-2014-0034?

CVE-2014-0034 is a vulnerability in Apache Cxf, classified under Improper Input Validation. Published 2014-07-07.

Is CVE-2014-0034 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Cxf

CVE-2014-0034

The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.019 (83.4th percentile) — read the EPSS interpretation.

Affected products

Apache Cxf — versions 2.6.0, 2.6.1, 2.6.2
Redhat Jboss_enterprise_application_platform — versions 6.0.0, 6.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

n0-traces/cve_

References

RHSA-2014:0798 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
68441 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
RHSA-2015:0850 (x_refsource_REDHAT, vendor-advisory)
RHSA-2014:0797 (x_refsource_REDHAT, vendor-advisory)
RHSA-2015:0851 (x_refsource_REDHAT, vendor-advisory)
RHSA-2014:0799 (x_refsource_REDHAT, vendor-advisory)
RHSA-2014:1351 (x_refsource_REDHAT, vendor-advisory)
[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2014-0034?: CVE-2014-0034 is a vulnerability in Apache Cxf, classified under Improper Input Validation. Published 2014-07-07.
Is CVE-2014-0034 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.