Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
13 Feb 2023, 00:24
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
16 Jun 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2013-01-03 01:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-2379
Mitre link : CVE-2012-2379
CVE.ORG link : CVE-2012-2379
JSON object : View
Products Affected
apache
- cxf
CWE