Lucene search
K

165 matches found

RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.6 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/01/24 6:41 p.m.7 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/01/24 6:28 p.m.8 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2013/01/24 6:7 p.m.5 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2013/01/03 12:0 a.m.3 views

PT-2013-1563 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.4.x through 2.4.7 Apache CXF versions 2.5.x through 2.5.3 Apache CXF versions 2.6.x through 2.6.0 Description: The issue arises when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, and the...

10CVSS5.9AI score0.04112EPSS
Exploits1References37
RedHat Linux
RedHat Linux
added 2012/12/18 10:43 p.m.3 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2012/12/18 10:23 p.m.5 views

apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the 1 AlgorithmSuite, 2 SignedParts, 3 SignedElements, 4...

4.3CVSS7.4AI score0.03926EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2012/12/18 10:17 p.m.9 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2012/12/13 12:25 a.m.5 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2012/12/13 12:24 a.m.3 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
Check Point Advisories
Check Point Advisories
added 2012/12/02 12:0 a.m.16 views

Java Applet JAX-WS Remote Code Execution (CVE-2012-5076)

A security bypass vulnerability has been reported in Java Runtime Environment JRE...

8.8AI score0.91013EPSS
Exploits18
RedHat Linux
RedHat Linux
added 2012/10/08 4:38 p.m.7 views

Important: Red Hat Security Advisory: JBoss Enterprise Portal Platform 5.2.2 security update

An update for the JBoss Web Services component in JBoss Enterprise Portal Platform 5.2.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring...

5CVSS6.4AI score0.02587EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2012/10/03 3:8 p.m.17 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 security update

An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...

5CVSS6.5AI score0.02587EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/06/27 12:0 a.m.31 views

IBM WebSphere Application Server 7.0 < Fix Pack 23 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 23 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - A security exposure when using WS-Security could result in a user gaining elevated privileges in applications using JAX-RPC...

10CVSS7.8AI score0.02404EPSS
Exploits2References13
Tenable Nessus
Tenable Nessus
added 2012/06/14 12:0 a.m.32 views

IBM WebSphere Application Server 8.0 < Fix Pack 3 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 3 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - Unspecified cross-site scripting issues exist related to the administrative console. PM52274, PM53132 - An issue related to the weak...

10CVSS8AI score0.02404EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2012/04/04 12:0 a.m.57 views

IBM WebSphere Application Server 7.0 < Fix Pack 21 Multiple Vulnerabilities

IBM WebSphere Application Server 7.0 before Fix Pack 21 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. PM37840 - A security exposure whe...

10CVSS8AI score0.0273EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2012/04/04 12:0 a.m.38 views

IBM WebSphere Application Server 6.1 < 6.1.0.43 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 43 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - An unspecified error exists related to WS-Security enabled JAX-RPC applications. PM45181 - Insecure file permissions are appli...

10CVSS7.8AI score0.0273EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2012/04/04 12:0 a.m.55 views

IBM WebSphere Application Server 8.0 < Fix Pack 2 Multiple Vulnerabilities

IBM WebSphere Application Server 8.0 before Fix Pack 2 appears to be running on the remote host and is potentially affected by the following vulnerabilities : - An unspecified cross-site scripting issue exists related to the 'Web 2.0 Messaging service'. PM37840 - A security exposure when using...

10CVSS8AI score0.0273EPSS
Exploits0References8
Cvelist
Cvelist
added 2012/01/15 2:0 a.m.30 views

CVE-2011-1377

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server WAS 6.1 does not properly handle the enabling of WS-Security for a JAX-WS application, which has unspecified impact and attack vectors...

9.3AI score0.02404EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2011/05/23 12:0 a.m.21 views

IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)

IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

4.3CVSS6.2AI score0.00671EPSS
Exploits0References5
Rows per page
Query Builder