Description
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
Report
Not Vulnerable. This issue only affects Apache CXF 2.4.5 and 2.5.1. Earlier versions were not affected and later versions include a fix for this issue. This issue does not affect the versions of Apache CXF as shipped with various Red Hat products.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss SOA Platform 5 | Distribution | Not affected | | |
Additional information
Status:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=788208 (CXF: improper validation of UsernameToken policies)
EPSS: 0.00671 (Low), percentile: 71%
CVSS2: 5.8 Medium
Related vulnerabilities
CVSS3: 9.8
nvd
more than 8 years ago
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.