Description
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
References
- Mailing List, Patch, Third Party Advisory
- Patch, Vendor Advisory
- Mailing List, Patch, Third Party Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
EPSS
Percentile: 71%
0.00671
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
redhat
about 14 years ago
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
EPSS
Percentile: 71%
0.00671
Low
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-287