CVE-2012-4418

描述

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

受影響套件(1)

• Maven/org.apache.axis2:axis2from 0, < 1.7.9

參考連結(9)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-4418
• PATCHhttps://github.com/apache/axis-axis2-java-core
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=856755
• WEBhttps://issues.apache.org/jira/browse/AXIS2-5930
• WEBhttps://issues.apache.org/jira/browse/AXIS2C-1694
• WEBhttps://web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
• WEBhttp://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
• WEBhttp://www.openwall.com/lists/oss-security/2012/09/12/1
• WEBhttp://www.openwall.com/lists/oss-security/2012/09/13/1