CVE-2012-5351

Improper Authentication in maven/org.apache.axis2/axis2

Identifiers

GHSA-66rx-gqx3-p98m, CVE-2012-5351

Package Slug

maven/org.apache.axis2/axis2

Vulnerability

Improper Authentication

Description

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Affected Versions

All versions before 1.6.4

Solution

Upgrade to version 1.6.4 or above.

Last Modified

2022-07-24

source