165 matches found
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
PT-2013-1563 · Apache · Apache Cxf
Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.4.x through 2.4.7 Apache CXF versions 2.5.x through 2.5.3 Apache CXF versions 2.6.x through 2.6.0 Description: The issue arises when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, and the...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the 1 AlgorithmSuite, 2 SignedParts, 3 SignedElements, 4...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
Java Applet JAX-WS Remote Code Execution (CVE-2012-5076)
A security bypass vulnerability has been reported in Java Runtime Environment JRE...
Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update
An update for the JBoss Web Services component in JBoss Enterprise Portal Platform 5.2.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...
Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 security update
An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...
IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 23 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A security exposure when using WS-Security could result in a user gaining elevated privileges in applications using JAX-RPC...
IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 3 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - Unspecified cross-site scripting issues exist related to the administrative console. PM52274, PM53132 - An issue related to the weak...
IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 before Fix Pack 21 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. PM37840 - A security exposure whe...
IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 43 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - An unspecified error exists related to WS-Security enabled JAX-RPC applications. PM45181 - Insecure file permissions are appli...
IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities
IBM WebSphere Application Server 8.0 before Fix Pack 2 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. PM37840 - A security exposure when using...
CVE-2011-1377
The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server WAS 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...