Description
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | | |
| Red Hat JBoss SOA Platform 5 | Security | Affected | | |
| Fuse ESB Enterprise 7.1.0 | | Fixed | RHSA-2013:0649 | 14.03.2013 |
| JBEWP 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0259 | 13.02.2013 |
| JBEWP 5 for RHEL 6 | apache-cxf | Fixed | RHSA-2013:0259 | 13.02.2013 |
| JBoss Enterprise BRMS Platform 5.3 | | Fixed | RHSA-2013:0743 | 15.04.2013 |
| Red Hat JBoss Enterprise Application Platform 5.2 | | Fixed | RHSA-2013:0256 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 | apache-cxf | Fixed | RHSA-2013:0257 | 13.02.2013 |
Additional information
Status:
EPSS
6.4 Medium
CVSS2