CVE-2012-4418: Improper Authentication
(updated )
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an “XML Signature wrapping attack.”
References
- www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
- www.openwall.com/lists/oss-security/2012/09/12/1
- www.openwall.com/lists/oss-security/2012/09/13/1
- bugzilla.redhat.com/show_bug.cgi?id=856755
- github.com/advisories/GHSA-88r4-38gc-97p4
- issues.apache.org/jira/browse/AXIS2-5930
- issues.apache.org/jira/browse/AXIS2C-1694
- nvd.nist.gov/vuln/detail/CVE-2012-4418
- web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
Detect and mitigate CVE-2012-4418 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →