1
Candidate: CVE-2013-0239
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0239
6
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when
7
the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote
8
attackers to bypass authentication via a security header of a SOAP request
9
containing a UsernameToken element that lacks a password child element.
12
mdeslaur> debian says jbossas4 is not-affected
19
upstream_jbossas4: needs-triage
20
hardy_jbossas4: not-affected
21
lucid_jbossas4: not-affected
22
oneiric_jbossas4: not-affected
23
precise_jbossas4: not-affected
24
quantal_jbossas4: not-affected
25
devel_jbossas4: not-affected