Vulnerabilities

CVE-2012-2378

by Fred · 04/01/2013

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

Date published : 2013-01-04

http://www.securityfocus.com/bid/53880

http://cxf.apache.org/cve-2012-2378.html

Similar

Tags: Cybersecurity Alert