CVE-2012-5575

Published: 19/08/2013 | Updated: 03/07/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 do not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting. This allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka the "XML Encryption backwards compatibility attack."

Affected Products

Vendor | Product | Versions
Apache | Cxf | 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.5.7, 2.5.8, 2.5.9, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 2.7.0, 2.7.1, 2.7.2, 2.7.3
Redhat | Jboss Enterprise Application Platform | 5.0.0
Redhat | Jboss Enterprise Portal Platform | 4.3.0
Redhat | Jboss Enterprise Soa Platform | 4.3.0
Redhat | Jboss Enterprise Web Platform | 5.2.0
Redhat | Jboss Fuse Esb Enterprise | 7.1.0

GitHub Repositories