Description
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | | |
| Red Hat JBoss SOA Platform 5 | Security | Affected | | |
| JBEWP 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0259 | 13.02.2013 |
| JBEWP 5 for RHEL 6 | apache-cxf | Fixed | RHSA-2013:0259 | 13.02.2013 |
| JBoss Enterprise BRMS Platform 5.3 | | Fixed | RHSA-2013:0743 | 15.04.2013 |
| Red Hat JBoss Enterprise Application Platform 5.2 | | Fixed | RHSA-2013:0256 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 6.0 | | Fixed | RHSA-2012:1594 | 18.12.2012 |
Additional information
Status:
Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=851896 apache-cxf: SOAPAction spoofing on document literal web services
EPSS
Percentile: 93%
0.09969
Low
4.3 Medium
CVSS2
Related vulnerabilities
nvd
more than 13 years ago
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
EPSS
Percentile: 93%
0.09969
Low
4.3 Medium
CVSS2