Description
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | ||
| Red Hat JBoss SOA Platform 5 | Security | Affected | ||
| JBEWP 5 for RHEL 5 | aopalliance | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | bsh2 | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | glassfish-jaxb | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | google-guice | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | hibernate3 | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | hibernate3-annotations | Fixed | RHSA-2013:0196 | 24.01.2013 |
| JBEWP 5 for RHEL 5 | hibernate3-entitymanager | Fixed | RHSA-2013:0196 | 24.01.2013 |
Additional information
Status: Important
https://bugzilla.redhat.com/show_bug.cgi?id=826534 apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
EPSS
Percentile: 88%
0.03752
Low
5.8 Medium
CVSS2
Related vulnerabilities
nvd
about 13 years ago
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
EPSS
Percentile: 88%
0.03752
Low
5.8 Medium
CVSS2