Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wss4j | Apache | * | 1.6.17 (excluding) |
| Wss4j | Apache | 2.0.0 (including) | 2.0.2 (excluding) |
| Red Hat JBoss A-MQ 6.1 | RedHat | * | |
| Red Hat JBoss BPMS 6.0 | RedHat | * | |
| Red Hat JBoss BRMS 6.0 | RedHat | * | |
| Red Hat JBoss Data Virtualization 6.1 | RedHat | * | |
| Red Hat JBoss Enterprise Application Platform 6.3 | RedHat | * | |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 5 | RedHat | apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el5 | * |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 5 | RedHat | wss4j-0:1.6.16-2.redhat_3.1.ep6.el5 | * |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 6 | RedHat | apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el6 | * |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 6 | RedHat | wss4j-0:1.6.16-2.redhat_3.1.ep6.el6 | * |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 | RedHat | apache-cxf-0:2.7.12-1.SP1_redhat_5.1.ep6.el7 | * |
| Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 | RedHat | wss4j-0:1.6.16-2.redhat_3.1.ep6.el7 | * |
| Red Hat JBoss Fuse 6.1 | RedHat | * | |