Showing 1 - 4 of 4

CVE-2012-2378

Status Candidate

Overview

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

Related Files

Red Hat Security Advisory 2012-1594-01: Posted Dec 19, 2012; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2012-1594-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2008-0455, CVE-2012-0883, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550; SHA-256 | ce7a6ce3fa874a437034915aac5d5291665cbbaaf245d08d9d1f5eb346d591fc; Download | Favorite | View

Red Hat Security Advisory 2012-1591-01: Posted Dec 19, 2012; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2012-1591-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550; SHA-256 | 66169491e9b4f93081527475ee84f735d2d918f29661a02612d38689d09f4878; Download | Favorite | View

Red Hat Security Advisory 2012-1592-01: Posted Dec 19, 2012; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2012-1592-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.; tags | advisory, java; systems | linux, redhat; advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550; SHA-256 | 9f252a88d1f38fd6c3c381757d9c5cb1073c52fcd621aa36d6a621a3438e93f5; Download | Favorite | View

Apache CXF Failed Pickup Of Child Policies: Posted Jun 8, 2012; Authored by Colm O hEigeartaigh | Site cxf.apache.org; Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side. Apache CXF versions 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.0 are affected.; tags | advisory; advisories | CVE-2012-2378; SHA-256 | 9192946a363a63b454cdbfe47e3d089546ef6e6058eec8ac012d7080b7e47be8; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 261 files
indoushka 164 files
Ubuntu 101 files
Gentoo 32 files
Debian 22 files
LiquidWorm 14 files
Apple 11 files
malvuln 8 files
Google Security Research 7 files
Rubén López Herrera 5 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,140)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,531)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,026)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,914)
UNIX (9,469)
UnixWare (188)
Windows (6,784)
Other

CVE-2012-2378

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems