CVE-2012-4418

Apache Axis2 < 1.7.9 - Authentication Bypass

Title source: rule

Description

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

References (5)

[Exploit] http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=856755

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55508

[Mailing List] http://www.openwall.com/lists/oss-security/2012/09/12/1

[Mailing List] http://www.openwall.com/lists/oss-security/2012/09/13/1

Scores

EPSS 0.0041

EPSS Percentile 60.7%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

apache/axis2

org.apache.axis2/axis2 < 1.7.9Maven

Timeline

Published Oct 09, 2012

Tracked Since Feb 18, 2026