Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-3451
Last Modified 14 May 2013 11:27:55
Published 24 Sep 2012 01:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3451

Summary

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

Vulnerable Systems

Application

  • Apache CXF 2.4.7

  • Apache CXF 2.4.8

  • Apache CXF 2.5.3

  • Apache CXF 2.5.4

  • Apache CXF 2.6.1


References

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1368559

CONFIRM - http://cxf.apache.org/cve-2012-3451.html

SECUNIA - 51607

REDHAT - RHSA-2012:1594

REDHAT - RHSA-2012:1592

REDHAT - RHSA-2012:1591

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=851896

SECUNIA - 52183

REDHAT - RHSA-2013:0259

REDHAT - RHSA-2013:0258

REDHAT - RHSA-2013:0257

REDHAT - RHSA-2013:0256

XF - apache-cfx-soapaction-security-bypass(78734)

REDHAT - RHSA-2013:0743

REDHAT - RHSA-2013:0726


Last Updated: 27 May 2016 11:02:05