Back to search
CVE-2012-5633
Published: Mar 12, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
51988
third-party-advisory
x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1409324
x_refsource_CONFIRM
20130208 New security advisories for Apache CXF
mailing-list
x_refsource_FULLDISC
RHSA-2013:0256
vendor-advisory
x_refsource_REDHAT
90079
vdb-entry
x_refsource_OSVDB
RHSA-2013:0257
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1420698
x_refsource_CONFIRM
https://issues.jboss.org/browse/JBWS-3575
x_refsource_MISC
57874
vdb-entry
x_refsource_BID
https://issues.apache.org/jira/browse/CXF-4629
x_refsource_CONFIRM
RHSA-2013:0258
vendor-advisory
x_refsource_REDHAT
52183
third-party-advisory
x_refsource_SECUNIA
RHSA-2013:0749
vendor-advisory
x_refsource_REDHAT
RHSA-2013:0743
vendor-advisory
x_refsource_REDHAT
http://cxf.apache.org/cve-2012-5633.html
x_refsource_CONFIRM
apachecxf-wssecurity-security-bypass(81980)
vdb-entry
x_refsource_XF
RHSA-2013:0259
vendor-advisory
x_refsource_REDHAT
RHSA-2013:0726
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now