4 matches found
EUVD-2022-5771
Malicious code in bioql PyPI...
apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
PT-2013-1817 · Apache · Apache Cxf
Name of the Vulnerable Software and Affected Versions: Apache CXF versions 2.5.0 through 2.5.7 Apache CXF versions 2.6.0 through 2.6.4 Apache CXF versions 2.7.0 through 2.7.1 Description: The issue allows remote attackers to obtain access to SOAP services via an HTTP GET request, bypassing...