CVE-2012-4418
EPSS 0.33%Apache Axis2 Vulnerable to XML Signature wrapping attack
Published: 5/17/2022Modified: 12/4/2024
Description
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Affected packages (1)
- Maven/org.apache.axis2:axis2from 0, < 1.7.9
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-4418
- PATCHhttps://github.com/apache/axis-axis2-java-core
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=856755
- WEBhttps://issues.apache.org/jira/browse/AXIS2-5930
- WEBhttps://issues.apache.org/jira/browse/AXIS2C-1694
- WEBhttps://web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
- WEBhttp://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
- WEBhttp://www.openwall.com/lists/oss-security/2012/09/12/1
- WEBhttp://www.openwall.com/lists/oss-security/2012/09/13/1