PT-2012-5389 · Apache · Apache Axis2

Jan Lieskovsky

·

Published

2012-10-09

·

Updated

2022-05-17

·

CVE-2012-4418

CVSS v2.0

5.8

Medium

VectorAV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions Apache Axis2 (affected versions not specified)
Description The issue allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2012-4418
GHSA-88R4-38GC-97P4

Affected Products

Apache Axis2