Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-5351

Опубликовано: 22 авг. 2012
Источник: redhat
CVSS2: 5.8

Описание

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Отчет

Not Vulnerable. This issue does not affect the version of axis as shipped with JBoss Developer Studio 5 and 6, JBoss Enterprise Portal Platform 5.2.2 and 6.0.0, Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise Virtualization Manager 3.1.

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=865168axis2: vulnerable to authentication bypass and forged messages due to a Signature exclusion attack

5.8 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2012-5351

nvd
больше 13 лет назад

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

debian логотип

CVE-2012-5351

debian
больше 13 лет назад

Apache Axis2 allows remote attackers to forge messages and bypass auth ...

github логотип

GHSA-66rx-gqx3-p98m

github
больше 3 лет назад

Improper Authentication in Apache Axis2

5.8 Medium

CVSS2