Improper Authentication Affecting org.apache.cxf:cxf-rt-core package, versions [,2.5.8)

Attack Complexity

Low
User Interaction

Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGAPACHECXF-30577
published

9 Jan 2014
disclosed

8 Feb 2013
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 8 Feb 2013

CVE-2012-5633 Open this link in a new tab CWE-287 Open this link in a new tab

How to fix?

Upgrade org.apache.cxf:cxf-rt-core to version 2.5.8 or higher.

Overview

org.apache.cxf:cxf-rt-core is an Apache CXF Runtime Core

Affected versions of this package are vulnerable to Improper Authentication. The URIMappingInterceptor, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

References

Apache JIRA
GitHub Commit
GitHub Commit
GitHub Commit
RedHat Bugzilla Bug
SVN Revision

Improper Authentication Affecting org.apache.cxf:cxf-rt-core package, versions [,2.5.8)

Attack Complexity

User Interaction

snyk-id

published

disclosed

credit

Introduced: 8 Feb 2013

How to fix?

Overview

References