CVE-2012-2379

Published: Jan 3, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Affected (13)

Products: Apache: Cxf

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Apache Cxf	Version 2.4.0
Apache Cxf	Version 2.4.1
Apache Cxf	Version 2.4.2
Apache Cxf	Version 2.4.3
Apache Cxf	Version 2.4.4
Apache Cxf	Version 2.4.5
Apache Cxf	Version 2.4.6
Apache Cxf	Version 2.4.7

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Apache Cxf	Version 2.5.0
Apache Cxf	Version 2.5.1
Apache Cxf	Version 2.5.2
Apache Cxf	Version 2.5.3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Apache Cxf	Version 2.6.0

References (48)

http://cxf.apache.org/cve-2012-2379.html

Source: secalert@redhat.com

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-1559.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1573.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1591.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1592.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1593.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2012-1594.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0191.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0192.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0193.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0194.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0195.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0196.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0197.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0198.html

Source: secalert@redhat.com

http://secunia.com/advisories/51607

Source: secalert@redhat.com

http://secunia.com/advisories/51984

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1338219

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

http://cxf.apache.org/cve-2012-2379.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-1559.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1573.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1591.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1592.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1593.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-1594.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0191.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0192.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0193.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0194.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0195.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0196.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0197.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0198.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51607

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/51984

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.apache.org/viewvc?view=revision&revision=1338219

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.