Vulnerability in Apache CXF
CVE-2015-5253
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping at…
EPSS: 0.003 (56.8th percentile)
Affected products
- Apache CXF
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- 1034162 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- RHSA-2016:0321 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- [oss-security] 20151114 New security advisory for Apache CXF (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2015-5253?
- CVE-2015-5253 is a vulnerability in Apache CXF, classified under CWE-264. Published 2015-11-18.
- Is CVE-2015-5253 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.