CVE-2012-2378
Description
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
Risk Information
Base Score
8.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
4.238
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf 2.4.8 | Windows |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf 2.6.1 | Windows |
| Vulnerabilities CVE-2012-2378 are fixed in Apache - cxf 2.5.3 | Windows |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf for Linux 2.4.8 | Linux |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf for Linux 2.6.1 | Linux |
| Vulnerabilities CVE-2012-2378 are fixed in Apache - cxf for Linux 2.5.3 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234