Lucene search

PRIOn knowledge basePRION:CVE-2012-5633

HistoryMar 12, 2013 - 11:55 p.m.

Cross site request forgery (csrf)

2013-03-1223:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.0%

JSON

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

CPENameOperatorVersion
cxfeq2.5.2
cxfeq2.5.3
cxfeq2.5.0
cxfeq2.5.1
cxfeq2.5.5
cxfeq2.5.6
cxfle2.5.7
cxfeq2.5.4
cxfeq2.6.0
cxfeq2.6.2

Name	Operator	Version
cxf	eq	2.5.2
cxf	eq	2.5.3
cxf	eq	2.5.0
cxf	eq	2.5.1
cxf	eq	2.5.5
cxf	eq	2.5.6
cxf	le	2.5.7
cxf	eq	2.5.4
cxf	eq	2.6.0
cxf	eq	2.6.2

Rows per page:

1-10 of 151

References

cxf.apache.org/cve-2012-5633.html

osvdb.org/90079

packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html

rhn.redhat.com/errata/RHSA-2013-0256.html

rhn.redhat.com/errata/RHSA-2013-0257.html

rhn.redhat.com/errata/RHSA-2013-0258.html

rhn.redhat.com/errata/RHSA-2013-0259.html

rhn.redhat.com/errata/RHSA-2013-0726.html

rhn.redhat.com/errata/RHSA-2013-0743.html

rhn.redhat.com/errata/RHSA-2013-0749.html

seclists.org/fulldisclosure/2013/Feb/39

secunia.com/advisories/51988

secunia.com/advisories/52183

stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests

svn.apache.org/viewvc?view=revision&revision=1409324

svn.apache.org/viewvc?view=revision&revision=1420698

www.securityfocus.com/bid/57874

exchange.xforce.ibmcloud.com/vulnerabilities/81980

issues.apache.org/jira/browse/CXF-4629

issues.jboss.org/browse/JBWS-3575

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

61.0%

JSON

Related for PRION:CVE-2012-5633