CVE-2012-5351

Apache Axis2 < 1.6.4 - Authentication Bypass via SAML Signature Exclusion

Title source: llm

Description

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/79487

Vendor Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuapr2022.html

Various Sources x_refsource_misc

http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

Scores

EPSS 0.0509

EPSS Percentile 91.3%

Details

CWE

CWE-287

Status published

Products (2)

apache/axis2

org.apache.axis2/axis2 0 - 1.6.4Maven

Published Oct 09, 2012

Tracked Since Feb 18, 2026