5.8

CVE-2012-5633

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCxf Version <= 2.5.7
ApacheCxf Version2.5.0
ApacheCxf Version2.5.1
ApacheCxf Version2.5.2
ApacheCxf Version2.5.3
ApacheCxf Version2.5.4
ApacheCxf Version2.5.5
ApacheCxf Version2.5.6
ApacheCxf Version2.6.0
ApacheCxf Version2.6.1
ApacheCxf Version2.6.2
ApacheCxf Version2.6.3
ApacheCxf Version2.6.4
ApacheCxf Version2.7.0
ApacheCxf Version2.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.16% 0.941
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2013-0256.html
http://rhn.redhat.com/errata/RHSA-2013-0257.html
http://rhn.redhat.com/errata/RHSA-2013-0258.html
http://rhn.redhat.com/errata/RHSA-2013-0259.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0743.html
http://secunia.com/advisories/52183
Vendor Advisory
http://cxf.apache.org/cve-2012-5633.html
Vendor Advisory
http://osvdb.org/90079
http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
http://rhn.redhat.com/errata/RHSA-2013-0749.html
http://seclists.org/fulldisclosure/2013/Feb/39
http://secunia.com/advisories/51988
Vendor Advisory
http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
http://svn.apache.org/viewvc?view=revision&revision=1409324
http://svn.apache.org/viewvc?view=revision&revision=1420698
http://www.securityfocus.com/bid/57874
https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
https://issues.apache.org/jira/browse/CXF-4629
https://issues.jboss.org/browse/JBWS-3575