CVE-2012-0803

Improper Authentication in maven/org.apache.cxf/cxf

Identifiers

GHSA-2p7x-jcr3-7p2c, CVE-2012-0803

Package Slug

maven/org.apache.cxf/cxf

Vulnerability

Improper Authentication

Description

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
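To review captured SOAP requests for the condition described above while the upgrade is rolled out, the following check flags envelopes that carry a UsernameToken with no usable Username. It is an added example, not code from Apache CXF or from this advisory. The function names, the sample requests and the reading of "empty" as "no Username child, or a blank one" are assumptions.

```python
import xml.etree.ElementTree as ET

# WS-Security 1.0 and SOAP 1.1 namespaces.
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"


def classify_request(body: bytes) -> str:
    """Return 'dtd', 'malformed', 'no-token', 'empty-token' or 'token-present'."""
    # SOAP forbids a DTD in a message; rejecting it early also avoids entity expansion.
    if b"<!DOCTYPE" in body:
        return "dtd"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "malformed"
    tokens = list(root.iter(f"{{{WSSE}}}UsernameToken"))
    if not tokens:
        return "no-token"
    for token in tokens:
        user = token.find(f"{{{WSSE}}}Username")
        # Assumption: "empty" means no Username child, or a blank one.
        if user is None or not (user.text or "").strip():
            return "empty-token"
    return "token-present"


def _envelope(token_xml: str) -> bytes:
    """Build a constructed SOAP 1.1 envelope around the given token XML."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}">'
        f"<soap:Header><wsse:Security>{token_xml}</wsse:Security></soap:Header>"
        "<soap:Body/></soap:Envelope>"
    ).encode()


# Constructed sample requests, keyed by a made-up request id.
SAMPLES = {
    "req-1": _envelope("<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
                       "<wsse:Password>constructed</wsse:Password></wsse:UsernameToken>"),
    "req-2": _envelope("<wsse:UsernameToken/>"),
    "req-3": _envelope("<wsse:UsernameToken><wsse:Username> </wsse:Username></wsse:UsernameToken>"),
    "req-4": _envelope(""),
}


def flag_empty_tokens(requests: dict) -> list:
    """Return the ids of requests whose UsernameToken is empty."""
    return [rid for rid, body in requests.items() if classify_request(body) == "empty-token"]
```

A flagged request that was nevertheless served by an endpoint on an affected version is the case to investigate.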

Affected Versions

All versions starting from 2.4.0 up to 2.4.5, all versions starting from 2.5.0 up to 2.5.1

Solution

Upgrade to versions 2.4.6, 2.5.2 or above.

Last Modified

2022-07-24
