CVE-2012-5575
Description
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka XML Encryption backwards compatibility attack.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
9.505
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http 2.5.10 | Windows |
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http 2.6.7 | Windows |
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http 2.7.4 | Windows |
| Multiple vulnerabilities affect Red Hat JBoss Enterprise Application Platform 7 5.0.0 | Windows |
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http for Linux 2.5.10 | Linux |
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http for Linux 2.6.7 | Linux |
| CVE-2012-5575 is fixed in Apache-cxf-rt-transports-http for Linux 2.7.4 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234