CVE-2012-2379

Published Jan 3, 2013

Last updated 2 years ago

Overview

Description: Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "617F940F-8B29-447D-BB6D-A1F4A151D87A"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E1EE45D-2FAF-4FEE-9FD6-DBD695C9A6A7"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B4BB8072-24DC-490A-9DCB-A4B6A694541C"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19233D8E-661D-454C-8504-77228B2249BD"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D97DFFE5-8E06-4A59-9971-8FCF2B969025"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD8E746D-8FEF-47AB-97DC-8A0C1743F7D5"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BFB2300-841A-4D92-96C7-D58E15F67D8E"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6468310-155B-4582-9DA8-90C6B99E02BF"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D24246B2-915D-494B-9863-CF0B662BE54D"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6915B2EC-AA31-44B5-A5F3-3EE1FDD0ABC7"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90280778-F7D6-49E2-9C7F-9F5F58137FDE"
          },
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962F2A85-4731-450B-986B-E1A79986F143"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4FC7D67-80A3-43F6-8D46-F13F37A017CF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References