6.4

CVE-2012-5575

EPSS 12.29%
Published 19.08.2013 23:55:08
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Affected products Warnungen 0 Metrics 2 CWE 0 References 24

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Cxf Version2.5.0

Apache ≫ Cxf Version2.5.1

Apache ≫ Cxf Version2.5.2

Apache ≫ Cxf Version2.5.3

Apache ≫ Cxf Version2.5.4

Apache ≫ Cxf Version2.5.5

Apache ≫ Cxf Version2.5.6

Apache ≫ Cxf Version2.5.7

Apache ≫ Cxf Version2.5.8

Apache ≫ Cxf Version2.5.9

Apache ≫ Cxf Version2.6.0

Apache ≫ Cxf Version2.6.1

Apache ≫ Cxf Version2.6.2

Apache ≫ Cxf Version2.6.3

Apache ≫ Cxf Version2.6.4

Apache ≫ Cxf Version2.6.5

Apache ≫ Cxf Version2.6.6

Apache ≫ Cxf Version2.7.0

Apache ≫ Cxf Version2.7.1

Apache ≫ Cxf Version2.7.2

Apache ≫ Cxf Version2.7.3

Redhat ≫ Jboss Enterprise Application Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Web Platform Version5.2.0

Redhat ≫ Jboss Fuse Esb Enterprise Version7.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.29%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2013-0833.html

http://rhn.redhat.com/errata/RHSA-2013-1028.html

http://rhn.redhat.com/errata/RHSA-2013-0834.html

http://rhn.redhat.com/errata/RHSA-2013-0839.html

http://cxf.apache.org/cve-2012-5575.html

http://rhn.redhat.com/errata/RHSA-2013-0873.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0874.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0875.html

http://rhn.redhat.com/errata/RHSA-2013-0876.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0943.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1143.html

Vendor Advisory

http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/

http://www.securityfocus.com/bid/60043

https://bugzilla.redhat.com/show_bug.cgi?id=880443

https://nvd.nist.gov/vuln/detail/CVE-2012-5575

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5575

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5575

EUVD