CVE-2012-2378
Apache CXF 2.4.5-2.4.7 2.5.1-2.5.3 < 2.6.1 - Security Policy Bypass via WS-SecurityPolicy SupportingToken
Title source: llmDescription
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.
References (13)
Core 13
Core References
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1337150
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1594.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1592.html
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-1591.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51607
Vendor Advisory x_refsource_confirm
http://cxf.apache.org/cve-2012-2378.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53880
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Scores
EPSS
0.0393
EPSS Percentile
89.2%
Details
CWE
CWE-264
Status
published
Products (8)
apache/cxf
2.4.5
apache/cxf
2.4.6
apache/cxf
2.4.7
apache/cxf
2.5.1
apache/cxf
2.5.2
apache/cxf
2.5.3
apache/cxf
2.6.0
org.apache.cxf/cxf
2.4.5 - 2.4.8Maven
Published
Jan 05, 2013
Tracked Since
Feb 18, 2026