ByteOS Network

Vulnerability Details :

CVE-2016-4464

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-21 Sep, 2016 | 18:00

Updated At-06 Aug, 2024 | 00:32

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:redhat

Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749

Published At:21 Sep, 2016 | 18:00

Updated At:06 Aug, 2024 | 00:32

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securitytracker.com/id/1036869	vdb-entry x_refsource_SECTRACK
http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc	x_refsource_CONFIRM
http://www.securityfocus.com/bid/92905	vdb-entry x_refsource_BID
http://www.openwall.com/lists/oss-security/2016/09/08/20	mailing-list x_refsource_MLIST
https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6	x_refsource_CONFIRM
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST

Hyperlink: http://www.securitytracker.com/id/1036869

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/92905

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/08/20

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6

Resource:

x_refsource_CONFIRM

Hyperlink: https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securitytracker.com/id/1036869	vdb-entry x_refsource_SECTRACK x_transferred
http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/92905	vdb-entry x_refsource_BID x_transferred
http://www.openwall.com/lists/oss-security/2016/09/08/20	mailing-list x_refsource_MLIST x_transferred
https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6	x_refsource_CONFIRM x_transferred
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	mailing-list x_refsource_MLIST x_transferred

Hyperlink: http://www.securitytracker.com/id/1036869

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/92905

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2016/09/08/20

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Resource:

mailing-list

x_refsource_MLIST

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:secalert@redhat.com

Published At:21 Sep, 2016 | 18:59

Updated At:12 Apr, 2025 | 10:46

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

The Apache Software Foundation

>>cxf_fediz>>1.2.0

cpe:2.3:a:apache:cxf_fediz:1.2.0:*:*:*:*:*:*:*

The Apache Software Foundation

>>cxf_fediz>>1.2.1

cpe:2.3:a:apache:cxf_fediz:1.2.1:*:*:*:*:*:*:*

The Apache Software Foundation

>>cxf_fediz>>1.2.2

cpe:2.3:a:apache:cxf_fediz:1.2.2:*:*:*:*:*:*:*

The Apache Software Foundation

>>cxf_fediz>>1.3.0

cpe:2.3:a:apache:cxf_fediz:1.3.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-284	Primary	nvd@nist.gov

CWE ID: CWE-284

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc	secalert@redhat.com	Mitigation Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/09/08/20	secalert@redhat.com	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/92905	secalert@redhat.com	N/A
http://www.securitytracker.com/id/1036869	secalert@redhat.com	N/A
https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	secalert@redhat.com	N/A
http://cxf.apache.org/security-advisories.data/CVE-2016-4464.txt.asc	af854a3a-2127-422b-91ae-364da2661108	Mitigation Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/09/08/20	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/92905	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securitytracker.com/id/1036869	af854a3a-2127-422b-91ae-364da2661108	N/A
https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git%3Ba=commit%3Bh=0006581e9cacbeef46381a223e5671e524d416b6	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108	N/A