PT-2013-1808 · Apache · Apache Cxf

Published: 2013-08-19 · Updated: 2023-02-13 · CVE-2012-5575

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Apache CXF versions 2.5.x through 2.5.9
Apache CXF versions 2.6.x through 2.6.6
Apache CXF versions 2.7.x through 2.7.3

Description

The issue allows remote attackers to force the use of weaker cryptographic algorithms than intended, making it easier to decrypt communications. This is due to the failure to verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting.

Recommendations

For Apache CXF versions 2.5.x through 2.5.9, update to version 2.5.10 or later.
For Apache CXF versions 2.6.x through 2.6.6, update to version 2.6.7 or later.
For Apache CXF versions 2.7.x through 2.7.3, update to version 2.7.4 or later.
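
The check that the description says was missing, shown as an added example (not Apache CXF's code and not part of the original advisory): before decrypting, compare the algorithm named by each EncryptedKey and EncryptedData element with what the configured AlgorithmSuite allows. The suite table is a hand-written subset, and the function name and sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"

# Hand-written subset of the WS-SecurityPolicy AlgorithmSuite table,
# expressed as XML Encryption algorithm URIs (assumption: only two suites).
SUITES = {
    "Basic256": {
        "EncryptedKey": {XENC + "rsa-oaep-mgf1p", XENC + "kw-aes256"},
        "EncryptedData": {XENC + "aes256-cbc"},
    },
    "Basic256Rsa15": {
        "EncryptedKey": {XENC + "rsa-1_5", XENC + "kw-aes256"},
        "EncryptedData": {XENC + "aes256-cbc"},
    },
}

# Constructed sample, trimmed to the elements the check reads.
SAMPLE = """
<Security xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptedKey>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  </xenc:EncryptedKey>
  <xenc:EncryptedData>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  </xenc:EncryptedData>
  <xenc:EncryptedData/>
</Security>
"""

def algorithm_violations(message_xml, suite_name):
    """Return (element, algorithm) pairs the suite does not allow.

    Intended to run before any decryption; an empty list means every
    EncryptedKey/EncryptedData names an algorithm the suite permits.
    """
    violations = []
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(message_xml)
    for kind, permitted in SUITES[suite_name].items():
        for elem in root.iter("{%s}%s" % (XENC, kind)):
            method = elem.find("{%s}EncryptionMethod" % XENC)
            # Fail closed: a missing EncryptionMethod is also a violation.
            algorithm = method.get("Algorithm") if method is not None else None
            if algorithm not in permitted:
                violations.append((kind, algorithm))
    return violations

if __name__ == "__main__":
    print(algorithm_violations(SAMPLE, "Basic256"))
```

Under the Basic256 policy the sample is rejected for its RSA 1.5 key wrap and for the EncryptedData that names no algorithm; a receiver should refuse to decrypt whenever the returned list is non-empty.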

Fix

Weakness Enumeration

Inadequate Encryption Strength

Related Identifiers

CVE-2012-5575
GHSA-7V5V-9V8R-W864
RHSA-2013:0834
RHSA-2013:0839
RHSA-2013:0873
RHSA-2013:0874

Affected Products

Apache Cxf