Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
6.9 AI Score
0.004 EPSS
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
6.8 AI Score
0.004 EPSS
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
6.4 AI Score
0.001 EPSS