CVE-2014-3584

The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

Date published : 2014-10-30

http://www.securityfocus.com/bid/70738

http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc