Back to search
CVE-2013-0239
Published: Mar 12, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
90078
vdb-entry
x_refsource_OSVDB
51988
third-party-advisory
x_refsource_SECUNIA
20130208 New security advisories for Apache CXF
mailing-list
x_refsource_FULLDISC
apachecxf-username-tokens-sec-bypass(81981)
vdb-entry
x_refsource_XF
http://cxf.apache.org/cve-2013-0239.html
x_refsource_CONFIRM
57876
vdb-entry
x_refsource_BID
RHSA-2013:0749
vendor-advisory
x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1438424
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now