Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-2378
Last Modified 12 Feb 2013 12:08:50
Published 04 Jan 2013 07:55:02
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2378

Summary

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1 does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

Vulnerable Systems

Application

  • Apache CXF 2.4.5

  • Apache CXF 2.4.6

  • Apache CXF 2.4.7

  • Apache CXF 2.5.1

  • Apache CXF 2.5.2

  • Apache CXF 2.5.3

  • Apache CXF 2.6.0


References

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1337150

SECUNIA - 51607

REDHAT - RHSA-2012:1594

REDHAT - RHSA-2012:1592

REDHAT - RHSA-2012:1591

CONFIRM - http://cxf.apache.org/cve-2012-2378.html

BID - 53880


Last Updated: 27 May 2016 10:57:38