[MAVEN:GHSA-88R4-38GC-97P4] Apache Axis2 Vulnerable to XML Signature wrapping attack

Severity Moderate

Affected Packages 1

Fixed Packages 1

CVEs 1

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Package	Affected Version
pkg:maven/org.apache.axis2/axis2	< 1.7.9

Package	Fixed Version
pkg:maven/org.apache.axis2/axis2	= 1.7.9

ID: MAVEN:GHSA-88R4-38GC-97P4
Severity: moderate
URL: https://github.com/advisories/GHSA-88r4-38gc-97p4
Published: 2022-05-17T05:16:12
(2 years ago)
Modified: 2024-01-12T20:07:32
(8 months ago)
Rights: Maven Security Team

Source	# ID	Name	URL
			https://nvd.nist.gov/vuln/detail/CVE-2012-4418
			https://bugzilla.redhat.com/show_bug.cgi?id=856755
			http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
			http://www.openwall.com/lists/oss-security/2012/09/12/1
			http://www.openwall.com/lists/oss-security/2012/09/13/1
			https://issues.apache.org/jira/browse/AXIS2-5930
			https://issues.apache.org/jira/browse/AXIS2C-1694
			https://web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
			https://github.com/advisories/GHSA-88r4-38gc-97p4

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:maven/org.apache.axis2/axis2	org.apache.axis2	axis2	< 1.7.9
Fixed	pkg:maven/org.apache.axis2/axis2	org.apache.axis2	axis2	= 1.7.9

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date