4.3

CVE-2012-3451

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCxf Version < 2.4.9
ApacheCxf Version >= 2.5.0 < 2.5.5
ApacheCxf Version >= 2.6.0 < 2.6.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.88% 0.946
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://rhn.redhat.com/errata/RHSA-2012-1591.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1592.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1594.html
Third Party Advisory
http://secunia.com/advisories/51607
Third Party Advisory
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://cxf.apache.org/cve-2012-3451.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0256.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0257.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0258.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0259.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0726.html
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-0743.html
Third Party Advisory
http://secunia.com/advisories/52183
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1368559
Patch
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=851896
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
Third Party Advisory
VDB Entry