CVE-2012-5575

Published: Aug 19, 2013Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Affected (26)

Products: Apache: Cxf · Redhat: Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Soa Platform, Jboss Enterprise Web Platform, Jboss Fuse Esb Enterprise

1 product

5 products

Jboss Enterprise Application Platform

Jboss Enterprise Portal Platform

Jboss Enterprise Soa Platform

Jboss Enterprise Web Platform

Jboss Fuse Esb Enterprise

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Apache Cxf	Version 2.5.0
Apache Cxf	Version 2.5.1
Apache Cxf	Version 2.5.2
Apache Cxf	Version 2.5.3
Apache Cxf	Version 2.5.4
Apache Cxf	Version 2.5.5
Apache Cxf	Version 2.5.6
Apache Cxf	Version 2.5.7
Apache Cxf	Version 2.5.8
Apache Cxf	Version 2.5.9
Apache Cxf	Version 2.6.0
Apache Cxf	Version 2.6.1
Apache Cxf	Version 2.6.2
Apache Cxf	Version 2.6.3
Apache Cxf	Version 2.6.4
Apache Cxf	Version 2.6.5
Apache Cxf	Version 2.6.6
Apache Cxf	Version 2.7.0
Apache Cxf	Version 2.7.1
Apache Cxf	Version 2.7.2
Apache Cxf	Version 2.7.3
Redhat Jboss Enterprise Application Platform	Version 5.0.0
Redhat Jboss Enterprise Portal Platform	Version 4.3.0
Redhat Jboss Enterprise Soa Platform	Version 4.3.0
Redhat Jboss Enterprise Web Platform	Version 5.2.0
Redhat Jboss Fuse Esb Enterprise	Version 7.1.0

Related CWEs

References (42)

http://cxf.apache.org/cve-2012-5575.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0833.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0834.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0839.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0873.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0874.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0875.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0876.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0943.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1143.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1437.html

Source: secalert@redhat.com

http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/

Source: secalert@redhat.com

http://www.securityfocus.com/bid/60043

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=880443

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: secalert@redhat.com

http://cxf.apache.org/cve-2012-5575.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0833.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0834.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0839.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0873.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0874.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0875.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0876.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-0943.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1028.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-1143.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1437.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/60043

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=880443

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.