CyberSec.Space Logo
Back to CVE Browser

CVE-2012-2379

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1620%
EPSS Percentile31.88th
PublishedJan 3, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Affected Platforms (CPE)

πŸ“¦
Apache

Cxf

= 2.4.0
πŸ“¦
Apache

Cxf

= 2.4.1
πŸ“¦
Apache

Cxf

= 2.4.2
πŸ“¦
Apache

Cxf

= 2.4.3
πŸ“¦
Apache

Cxf

= 2.4.4
πŸ“¦
Apache

Cxf

= 2.4.5
πŸ“¦
Apache

Cxf

= 2.4.6
πŸ“¦
Apache

Cxf

= 2.4.7
πŸ“¦
Apache

Cxf

= 2.5.0
πŸ“¦
Apache

Cxf

= 2.5.1
πŸ“¦
Apache

Cxf

= 2.5.2
πŸ“¦
Apache

Cxf

= 2.5.3
πŸ“¦
Apache

Cxf

= 2.6.0

References & Advisories

πŸ”— http://cxf.apache.org/cve-2012-2379.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1559.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1573.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1591.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1592.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1593.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2012-1594.html
πŸ”— http://rhn.redhat.com/errata/RHSA-2013-0191.html

Related Vulnerabilities

CVE-2010-20769.8

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Ch...

CVE-2012-08039.8

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty ...

CVE-2019-124199.8

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect servic...

CVE-2016-44649.8

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values...