CVE-2012-2379 – apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
https://notcve.org/view.php?id=CVE-2012-2379
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. Apache CXF v2.4.x antes de v2.4.8, v2.5.x antes de v2.5.4, y v2.6.x antes de v2.6.1, cuando un Supporting Token especifica una política hija WS-SecurityPolicy 1.1 o 1.2, no se aseguran de que un elemento XML está firmado o cifrado, lo que tiene un impacto y vectores de ataque no especificados. • http://cxf.apache.org/cve-2012-2379.html http://rhn.redhat.com/errata/RHSA-2012-1559.html http://rhn.redhat.com/errata/RHSA-2012-1573.html http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://rhn.redhat.com/errata/RHSA-2012-1593.html http://rhn.redhat.com/errata/RHSA-2012-1594.html http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat. •
CVE-2012-2378 – apache-cxf: Certain child policies of WS-SecurityPolicy 1.1 SupportingToken policy not applied on the client side
https://notcve.org/view.php?id=CVE-2012-2378
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies. Apache CXF v2.4.5 hasta v2.4.7, v2.5.1 hasta v2.5.3, y v2.6.x anteriores a v2.6.1, no refuerza de forma adecuada las politicas hijo de un política WS-SecurityPolicy 1.1 SupportingToken del lado del cliente, lo que permite a atacantes remotos evitar las políticas (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, y (5) EncryptedElements policies. • http://cxf.apache.org/cve-2012-2378.html http://rhn.redhat.com/errata/RHSA-2012-1591.html http://rhn.redhat.com/errata/RHSA-2012-1592.html http://rhn.redhat.com/errata/RHSA-2012-1594.html http://secunia.com/advisories/51607 http://svn.apache.org/viewvc?view=revision&revision=1337150 http://www.securityfocus.com/bid/53880 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rc7742781358 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0803
https://notcve.org/view.php?id=CVE-2012-0803
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. La política WS-SP UsernameToken en Apache CXF 2.4.5 y 2.5.1 permite que atacantes remotos eludan la autenticación mediante el envío de un UsernameToken vacío como parte de una petición SOAP. • http://marc.info/?l=full-disclosure&m=132861746008002 http://svn.apache.org/viewvc?view=revision&revision=1233457 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0 • CWE-287: Improper Authentication •
CVE-2010-2076
https://notcve.org/view.php?id=CVE-2010-2076
Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. Apache CXF v2.0.x anterior a v2.0.13, v2.1.x anterior a v2.1.10, y v2.2.x anterior a v2.2.9, utilizado en Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, y otros productos, no rechaza correctamente DTDs en los mensajes SOAP, lo que permite a atacantes remotos leer ficheros de su elección, enviar peticiones HTTP al servidor de la intranet, o provocar una denegación de servicio (consumo de CPU y memoria) a través de un DTD manipulado, como se ha demostrado por una declaración de la entidad en una petición a samples/wsdl_first_pure_xml, un caso similar a CVE-2010-1632. • http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html http://geronimo.apache.org/21x-security-report.html http://geronimo.apache.org/22x-security-report.html http://secunia.com/advisories/40969 http://secunia.com/advisories/41016 http://secunia.com/advisories/41025 http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html http://www.securityfocus.c • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •