8 matches found
WSS4JInInterceptor Bypasses WS-Security Processing
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
Important: Red Hat Security Advisory: apache-cxf security update
An update for the Apache CXF component of JBoss Portal Platform 6.0.0 which fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base...
Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update
Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Important: Red Hat Security Advisory: apache-cxf security update
An updated apache-cxf package for JBoss Enterprise Application Platform 6.0.1 which fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CV...
Important: Red Hat Security Advisory: apache-cxf security update
An update for the Apache CXF component of JBoss Enterprise Application Platform 6.0.1 which fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring Syste...
Cross-site request forgery (CSRF)
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
Important: Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
An update for JBoss Enterprise Web Platform 5.2.0 which fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...