CVE-2012-3451

Improper Input Validation in maven/org.apache.cxf/cxf

Identifiers

GHSA-55j7-f5wf-43m4, CVE-2012-3451

Package Slug

maven/org.apache.cxf/cxf

Vulnerability

Improper Input Validation

Description

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

Affected Versions

All versions before 2.4.9, all versions starting from 2.5.0 before 2.5.5, all versions starting from 2.6.0 before 2.6.2

Solution

Upgrade to versions 2.4.9, 2.5.5, 2.6.2 or above.

Last Modified

2022-07-24

source