Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:11342
HistoryJan 15, 2019 - 9:00 a.m.

WSS4JInInterceptor Bypasses WS Security Processing

2019-01-1509:00:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

0.002 Low

EPSS

Percentile

61.9%

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

References

0.002 Low

EPSS

Percentile

61.9%