PT-2013-1563 · Apache · Apache Cxf

Published: 2013-01-03 · Updated: 2023-02-13 · CVE-2012-2379

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Apache CXF versions 2.4.x through 2.4.7
Apache CXF versions 2.5.x through 2.5.3
Apache CXF versions 2.6.x through 2.6.0

Description

The issue arises when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, and the software fails to ensure that an XML element is properly signed or encrypted. The impact and attack vectors are unspecified.

Recommendations

For Apache CXF versions 2.4.x through 2.4.7, update to version 2.4.8 or later.
For Apache CXF versions 2.5.x through 2.5.3, update to version 2.5.4 or later.
For Apache CXF versions 2.6.x through 2.6.0, update to version 2.6.1 or later.

Fix

Related Identifiers

CVE-2012-2379
GHSA-2G99-C67P-56HM
RHSA-2012:1591
RHSA-2012:1592
RHSA-2013:0191
RHSA-2013:0192
RHSA-2013:0193
RHSA-2013:0195
RHSA-2013:0196
RHSA-2013:0197

Affected Products

Apache Cxf