Lucene search

Veracode Vulnerability DatabaseVERACODE:11342

HistoryJan 15, 2019 - 9:00 a.m.

WSS4JInInterceptor Bypasses WS Security Processing

2019-01-1509:00:33

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.002

Percentile

61.9%

JSON

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

References

cxf.apache.org/cve-2012-5633.html

cxf.apache.org/security-advisories.html

osvdb.org/90079

packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html

rhn.redhat.com/errata/RHSA-2013-0256.html

rhn.redhat.com/errata/RHSA-2013-0257.html

rhn.redhat.com/errata/RHSA-2013-0258.html

rhn.redhat.com/errata/RHSA-2013-0259.html

rhn.redhat.com/errata/RHSA-2013-0726.html

rhn.redhat.com/errata/RHSA-2013-0743.html

rhn.redhat.com/errata/RHSA-2013-0749.html

seclists.org/fulldisclosure/2013/Feb/39

secunia.com/advisories/51988

secunia.com/advisories/52183

stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests

svn.apache.org/viewvc?view=revision&revision=1409324

svn.apache.org/viewvc?view=revision&revision=1420698

www.securityfocus.com/bid/57874

access.redhat.com/security/updates/classification/#important

exchange.xforce.ibmcloud.com/vulnerabilities/81980

issues.apache.org/jira/browse/CXF-4629

issues.jboss.org/browse/JBWS-3575

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E

rhn.redhat.com/errata/RHSA-2013-0644.html

EPSS

0.002

Percentile

61.9%

JSON

Related for VERACODE:11342