The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote malicious users to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache cxf 2.5.1 |
||
apache cxf 2.4.5 |