CVE-2012-2379

CVSS v2.0 10 (High)

EPSS 0.83 % (82^th)

Affected Products 1

Advisories 3

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-01-03 01:55:01
(11 years ago)
Updated Date: 2023-02-13 00:24:58
(19 months ago)

Affected Products

Apache

Configuration #1

		CPE23	From	Up To
	Apache Cxf 2.4.0	cpe:2.3:a:apache:cxf:2.4.0
	Apache Cxf 2.4.1	cpe:2.3:a:apache:cxf:2.4.1
	Apache Cxf 2.4.2	cpe:2.3:a:apache:cxf:2.4.2
	Apache Cxf 2.4.3	cpe:2.3:a:apache:cxf:2.4.3
	Apache Cxf 2.4.4	cpe:2.3:a:apache:cxf:2.4.4
	Apache Cxf 2.4.5	cpe:2.3:a:apache:cxf:2.4.5
	Apache Cxf 2.4.6	cpe:2.3:a:apache:cxf:2.4.6
	Apache Cxf 2.4.7	cpe:2.3:a:apache:cxf:2.4.7

Configuration #2

		CPE23	From	Up To
	Apache Cxf 2.5.0	cpe:2.3:a:apache:cxf:2.5.0
	Apache Cxf 2.5.1	cpe:2.3:a:apache:cxf:2.5.1
	Apache Cxf 2.5.2	cpe:2.3:a:apache:cxf:2.5.2
	Apache Cxf 2.5.3	cpe:2.3:a:apache:cxf:2.5.3

Configuration #3

		CPE23	From	Up To
	Apache Cxf 2.6.0	cpe:2.3:a:apache:cxf:2.6.0