Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2012-5633
HistoryMar 12, 2013 - 11:55 p.m.

CVE-2012-5633

2013-03-1223:55:01
CWE-287
[email protected]
web.nvd.nist.gov
4

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.9%

JSON

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

Affected configurations

Nvd
Node
apachecxfRange2.5.7
OR
apachecxfMatch2.5.0
OR
apachecxfMatch2.5.1
OR
apachecxfMatch2.5.2
OR
apachecxfMatch2.5.3
OR
apachecxfMatch2.5.4
OR
apachecxfMatch2.5.5
OR
apachecxfMatch2.5.6
Node
apachecxfMatch2.6.0
OR
apachecxfMatch2.6.1
OR
apachecxfMatch2.6.2
OR
apachecxfMatch2.6.3
OR
apachecxfMatch2.6.4
Node
apachecxfMatch2.7.0
OR
apachecxfMatch2.7.1

References

Related

ubuntucve 1
cvelist 1
osv 1
github 1
prion 1
cve 1
veracode 1
nessus 3
redhat 10
f5 2
ibm 1
ubuntucve
ubuntucve
CVE-2012-5633
2013-03-12 00:00:00
cvelist
cvelist
CVE-2012-5633
2013-03-12 22:00:00
osv
osv
Improper Authentication in Apache CXF
2022-05-13 01:09:21
github
github
Improper Authentication in Apache CXF
2022-05-13 01:09:21
prion
prion
Cross site request forgery (csrf)
2013-03-12 23:55:00
cve
cve
CVE-2012-5633
2013-03-12 23:55:01
veracode
veracode
WSS4JInInterceptor Bypasses WS Security Processing
2019-01-15 09:00:33
nessus
nessus
RHEL 5 / 6 : JBoss EAP (RHSA-2013:0257)
2013-02-14 00:00:00
RHEL 5 / 6 : apache-cxf (RHSA-2013:0644)
2013-03-14 00:00:00
RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0259)
2024-04-21 00:00:00
redhat
redhat
(RHSA-2013:0743) Important: JBoss Enterprise BRMS Platform 5.3.1 update
2013-04-15 00:00:00
(RHSA-2013:0645) Important: apache-cxf security update
2013-03-13 18:42:37
(RHSA-2013:0644) Important: apache-cxf security update
2013-03-13 00:00:00
f5
f5
SOL15580 - Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
K15580 : Apache CXF and JBoss vulnerabilities
2014-09-11 00:00:00
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to security vulnerability
2019-07-19 16:20:01

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.9%

JSON
Related for NVD:CVE-2012-5633
ubuntucve1cvelist1osv1github1prion1cve1veracode1nessus3redhat10f52ibm1