3 matches found
CVE-2012-4418
CVE-2012-4418 concerns Apache Axis2 and its XML signature handling. The provided connected material confirms that this vulnerability arises from the failure to properly verify signed XML messages, allowing an attacker to craft messages that bypass authentication via an XML Signature wrapping atta...
CVE-2012-5351
CVE-2012-5351 affects Apache Axis2 and allows remote attackers to bypass authentication by forging a SAML assertion that lacks a Signature element (Signature exclusion attack). This is the same family as CVE-2012-4418 and enables message forgery without proper XML-signature verification. IBM-rela...
CVE-2012-5785
CVE-2012-5785 concerns Apache Axis2/Java where server hostname verification against the certificate CN/SubjectAltName is not performed, enabling MITM spoofing with any valid certificate. Connected documents confirm multiple IBM advisories and IBM BPM/TDI/IMS products affected by this Axis2 SSL is...