Описание
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
Одно из
EPSS
5.8 Medium
CVSS2
Дефекты
Связанные уязвимости
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6 ...
EPSS
5.8 Medium
CVSS2