Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

apache cxf 2.5.0 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2012-2379
Apache CXF 2.4.x prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Apache Cxf 2.4.6Apache Cxf 2.4.0Apache Cxf 2.4.3Apache Cxf 2.4.4Apache Cxf 2.4.2Apache Cxf 2.4.1Apache Cxf 2.4.7Apache Cxf 2.4.5Apache Cxf 2.5.2Apache Cxf 2.5.3Apache Cxf 2.5.0Apache Cxf 2.5.1Apache Cxf 2.6.0
NA
CVE-2012-5633
The URIMappingInterceptor in Apache CXF prior to 2.5.8, 2.6.x prior to 2.6.5, and 2.7.x prior to 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote malicious users to obtain access to SOAP services via an HTTP GET request.
Apache Cxf 2.5.2Apache Cxf 2.5.3Apache Cxf 2.5.0Apache Cxf 2.5.1Apache Cxf 2.5.5Apache Cxf 2.5.6Apache CxfApache Cxf 2.5.4Apache Cxf 2.6.0Apache Cxf 2.6.2Apache Cxf 2.6.3Apache Cxf 2.6.4Apache Cxf 2.6.1Apache Cxf 2.7.0Apache Cxf 2.7.1
NA
CVE-2013-0239
Apache CXF prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote malicious users to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a...
Apache Cxf 2.5.2Apache Cxf 2.4.6Apache Cxf 2.5.3Apache Cxf 2.4.0Apache Cxf 2.4.3Apache Cxf 2.5.7Apache Cxf 2.4.4Apache Cxf 2.4.2Apache Cxf 2.5.0Apache Cxf 2.5.1Apache Cxf 2.5.5Apache CxfApache Cxf 2.4.1Apache Cxf 2.5.6Apache Cxf 2.4.7Apache Cxf 2.4.5Apache Cxf 2.5.4Apache Cxf 2.6.0Apache Cxf 2.6.2Apache Cxf 2.6.5Apache Cxf 2.6.3Apache Cxf 2.6.4
NA
CVE-2012-5575
Apache CXF 2.5.x prior to 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote malicious users to force CXF to use w...
Apache Cxf 2.5.2Apache Cxf 2.5.9Redhat Jboss Enterprise Web Platform 5.2.0Redhat Jboss Enterprise Soa Platform 4.3.0Apache Cxf 2.6.0Apache Cxf 2.5.3Apache Cxf 2.7.3Apache Cxf 2.5.7Redhat Jboss Fuse Esb Enterprise 7.1.0Apache Cxf 2.6.2Apache Cxf 2.5.0Apache Cxf 2.5.1Apache Cxf 2.5.5Apache Cxf 2.5.8Apache Cxf 2.6.5Apache Cxf 2.7.0Apache Cxf 2.6.6Apache Cxf 2.6.3Redhat Jboss Enterprise Portal Platform 4.3.0Apache Cxf 2.5.6Apache Cxf 2.6.4Apache Cxf 2.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook