CVE-2012-2378

2013-01-05T00:55:00
ID CVE-2012-2378
Type cve
Reporter cve@mitre.org
Modified 2013-02-12T05:08:00

Description

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.