CVE-2012-2379
Description
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Risk Information
Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.752
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf 2.4.8 | Windows |
| Vulnerabilities CVE-2012-2379 are fixed in Apache - cxf 2.5.4 | Windows |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf 2.6.1 | Windows |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf for Linux 2.4.8 | Linux |
| Vulnerabilities CVE-2012-2379 are fixed in Apache - cxf for Linux 2.5.4 | Linux |
| Vulnerabilities CVE-2012-2379,CVE-2012-2378 are fixed in Apache - cxf for Linux 2.6.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234