Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-2379
Last Modified: 13 Feb 2013 11:52:38
Published: 02 Jan 2013 08:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-2379

Summary

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Vulnerable Systems

Application

  • Apache CXF 2.4.0
  • Apache CXF 2.4.1
  • Apache CXF 2.4.2
  • Apache CXF 2.4.3
  • Apache CXF 2.4.4
  • Apache CXF 2.4.5
  • Apache CXF 2.4.6
  • Apache CXF 2.4.7
  • Apache CXF 2.5.0
  • Apache CXF 2.5.1
  • Apache CXF 2.5.2
  • Apache CXF 2.5.3
  • Apache CXF 2.6.0


References

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1338219

CONFIRM - http://cxf.apache.org/cve-2012-2379.html

SECUNIA - 51607

REDHAT - RHSA-2012:1594

REDHAT - RHSA-2012:1592

REDHAT - RHSA-2012:1591

SECUNIA - 51984

REDHAT - RHSA-2013:0198

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0194

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191

REDHAT - RHSA-2012:1559

REDHAT - RHSA-2012:1593

REDHAT - RHSA-2012:1573


Last Updated: 27 May 2016 11:01:31