Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

CVE-2012-3451

Status Candidate

Overview

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

Related Files

Red Hat Security Advisory 2013-0743-01
Posted Apr 16, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0743-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | ec0eb67fa9d8573c12301acae3dfd666
Red Hat Security Advisory 2013-0726-01
Posted Apr 10, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0726-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA Platform 5.3.1. It includes various bug fixes. The following security issues are also fixed with this release: If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | 87e56163d6c1d8e42c9240606928eecc
Red Hat Security Advisory 2013-0258-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0258-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 22a6fbd8eb19daae90be879c16909525
Red Hat Security Advisory 2013-0257-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0257-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 163fea2e485fadca861df43056024779
Red Hat Security Advisory 2013-0256-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0256-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | 48cf6f4c19366343cab2d6e91922b00e
Red Hat Security Advisory 2013-0259-01
Posted Feb 13, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0259-01 - The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. If web services were deployed using Apache CXF with the WSS4JInInterceptor enabled to apply WS-Security processing, HTTP GET requests to these services were always granted access, without applying authentication checks. The URIMappingInterceptor is a legacy mechanism for allowing REST-like access to simple SOAP services. A remote attacker could use this flaw to access the REST-like interface of a simple SOAP service using GET requests that bypass the security constraints applied by WSS4JInInterceptor. This flaw was only exploitable if WSS4JInInterceptor was used to apply WS-Security processing. Services that use WS-SecurityPolicy to apply security were not affected.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2012-3451, CVE-2012-5633
MD5 | ac347192f004e323ae0a5d90b41f3906
Red Hat Security Advisory 2012-1594-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1594-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-0883, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
MD5 | 42e49bb5dd6e4f6c7cd74b27fa57aa47
Red Hat Security Advisory 2012-1591-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1591-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
MD5 | 87d249d70f63b6d69f05e377d13c62a8
Red Hat Security Advisory 2012-1592-01
Posted Dec 19, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1592-01 - JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.0, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2008-0455, CVE-2012-2378, CVE-2012-2379, CVE-2012-2672, CVE-2012-2687, CVE-2012-3428, CVE-2012-3451, CVE-2012-4549, CVE-2012-4550
MD5 | bab95dd47be373e29e59937403784008
Apache CXF SOAP Action Spoofing Attacks
Posted Sep 20, 2012
Authored by Colm O hEigeartaigh | Site cxf.apache.org

Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.

tags | advisory, web, spoof
advisories | CVE-2012-3451
MD5 | 8b4f9d357259473c95e4ce65ade826f4
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

August 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    19 Files
  • 2
    Aug 2nd
    17 Files
  • 3
    Aug 3rd
    16 Files
  • 4
    Aug 4th
    1 Files
  • 5
    Aug 5th
    1 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    15 Files
  • 8
    Aug 8th
    9 Files
  • 9
    Aug 9th
    7 Files
  • 10
    Aug 10th
    10 Files
  • 11
    Aug 11th
    1 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    14 Files
  • 14
    Aug 14th
    18 Files
  • 15
    Aug 15th
    38 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close