CVE-2012-5633

Improper Authentication in maven/org.apache.cxf/cxf

Identifiers

GHSA-xf9f-32gh-h2w4, CVE-2012-5633

Package Slug

maven/org.apache.cxf/cxf

Vulnerability

Improper Authentication

Description

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

Affected Versions

All versions before 2.5.8, all versions starting from 2.6.0 before 2.6.5, all versions starting from 2.7.0 before 2.7.2

Solution

Upgrade to versions 2.5.8, 2.6.5, 2.7.2 or above.

Last Modified

2022-07-24
