1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Candidate: CVE-2012-5633
PublicDate: 2013-03-12
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5633
https://rhn.redhat.com/errata/RHSA-2013-0256.html
Description:
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5,
and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses
WS-Security processing, which allows remote attackers to obtain access to
SOAP services via an HTTP GET request.
Ubuntu-Description:
Notes:
sarnold> I didn't find the WSS4JInInterceptor module in our sources, I
don't think our version is affected
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_jbossas4:
upstream_jbossas4: not-affected
hardy_jbossas4: not-affected
lucid_jbossas4: not-affected
oneiric_jbossas4: not-affected
precise_jbossas4: not-affected
quantal_jbossas4: not-affected
devel_jbossas4: not-affected
|