6.4

CVE-2012-5575

EPSS 12.29%
Veröffentlicht 19.08.2013 23:55:08
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 24

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Cxf Version2.5.0

Apache ≫ Cxf Version2.5.1

Apache ≫ Cxf Version2.5.2

Apache ≫ Cxf Version2.5.3

Apache ≫ Cxf Version2.5.4

Apache ≫ Cxf Version2.5.5

Apache ≫ Cxf Version2.5.6

Apache ≫ Cxf Version2.5.7

Apache ≫ Cxf Version2.5.8

Apache ≫ Cxf Version2.5.9

Apache ≫ Cxf Version2.6.0

Apache ≫ Cxf Version2.6.1

Apache ≫ Cxf Version2.6.2

Apache ≫ Cxf Version2.6.3

Apache ≫ Cxf Version2.6.4

Apache ≫ Cxf Version2.6.5

Apache ≫ Cxf Version2.6.6

Apache ≫ Cxf Version2.7.0

Apache ≫ Cxf Version2.7.1

Apache ≫ Cxf Version2.7.2

Apache ≫ Cxf Version2.7.3

Redhat ≫ Jboss Enterprise Application Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Web Platform Version5.2.0

Redhat ≫ Jboss Fuse Esb Enterprise Version7.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	12.29%	0.936

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2013-0833.html

http://rhn.redhat.com/errata/RHSA-2013-1028.html

http://rhn.redhat.com/errata/RHSA-2013-0834.html

http://rhn.redhat.com/errata/RHSA-2013-0839.html

http://cxf.apache.org/cve-2012-5575.html

http://rhn.redhat.com/errata/RHSA-2013-0873.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0874.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0875.html

http://rhn.redhat.com/errata/RHSA-2013-0876.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0943.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1143.html

Vendor Advisory

http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/

http://www.securityfocus.com/bid/60043

https://bugzilla.redhat.com/show_bug.cgi?id=880443

https://nvd.nist.gov/vuln/detail/CVE-2012-5575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5575

EUVD