CVE-2012-5575

Apache CXF Cryptographic Downgrade via WS-SecurityPolicy AlgorithmSuite Bypass


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5575. PoCs published by tafamace.

AI-analyzed exploit summary: The provided code is a simple Java stub that prints command-line arguments, lacking any exploit logic for CVE-2012-5575. It does not demonstrate the vulnerability or offensive techniques.

Description

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Exploits (1)

nomisec STUB
by tafamace · poc
https://github.com/tafamace/CVE-2012-5575


Classification: Stub (90%)
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown
Authentication: none needed
devstral-2 · analyzed Feb 16, 2026

References (21)

Core References
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0943.html
Issue Tracking (confirm): https://bugzilla.redhat.com/show_bug.cgi?id=880443
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0839.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0875.html
Third Party Advisory, VDB Entry (bid): http://www.securityfocus.com/bid/60043
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0833.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-1437.html
Various Sources (confirm): http://cxf.apache.org/cve-2012-5575.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-1143.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0876.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-1028.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0834.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0873.html
Vendor Advisory (redhat): http://rhn.redhat.com/errata/RHSA-2013-0874.html

Scores

EPSS: 0.0950
EPSS Percentile: 93.0%

Details

CWE: CWE-310
Status: published
Products (27)
apache/cxf 2.5.0
apache/cxf 2.5.1
apache/cxf 2.5.2
apache/cxf 2.5.3
apache/cxf 2.5.4
apache/cxf 2.5.5
apache/cxf 2.5.6
apache/cxf 2.5.7
apache/cxf 2.5.8
apache/cxf 2.5.9
... and 17 more
Published: Aug 19, 2013
Tracked Since: Feb 18, 2026