VYPR
Critical severity 9.8 · NVD Advisory · Published Sep 21, 2016 · Updated Jun 17, 2026

CVE-2016-4464

Description

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to bypass intended restrictions and have unspecified other impact via a crafted SAML token with a trusted signature.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
org.apache.cxf.fediz:fediz-spring (Maven) | >= 1.2.0, < 1.2.3 | 1.2.3
org.apache.cxf.fediz:fediz-spring (Maven) | >= 1.3.0, < 1.3.1 | 1.3.1
org.apache.cxf.fediz:fediz-spring2 (Maven) | >= 1.2.0, < 1.2.3 | 1.2.3
org.apache.cxf.fediz:fediz-spring2 (Maven) | >= 1.3.0, < 1.3.1 | 1.3.1

Affected products: 2

References: 20
