CVE-2013-2160 – Apache CXF < 2.5.10/2.6.7/2.7.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2013-2160
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors. El analizador de secuencias XML en Apache CXF versiones 2.5.x anteriores a 2.5.10, versiones 2.6.x anteriores a 2.6.7 y versiones 2.7.x anteriores a 2.7.4, permite a los atacantes remotos causar una denegación de servicio (consumo de CPU y memoria) por medio de XML diseñado con un gran número de (1) elementos, (2) atributos, (3) construcciones anidadas y posiblemente otros vectores. Apache CXF versions prior to 2.5.10, 2.6.7, and 2.7.4 suffer from a denial of service vulnerability. • https://www.exploit-db.com/exploits/26710 http://jira.codehaus.org/browse/WSTX-285 http://jira.codehaus.org/browse/WSTX-287 http://rhn.redhat.com/errata/RHSA-2013-1028.html http://rhn.redhat.com/errata/RHSA-2013-1437.html https://bugzilla.redhat.com/show_bug.cgi?id=929197 https://cxf.apache.org/security-advisories.data/CVE-2013-2160.txt.asc https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E https://lists.apache.o • CWE-399: Resource Management Errors •
CVE-2012-5575 – apache-cxf: XML encryption backwards compatibility attacks
https://notcve.org/view.php?id=CVE-2012-5575
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." Apache CXF en versiones 2.5.x anteriores a la 2.5.10, 2.6.x anteriores a CXF 2.6.7 y 2.7.x anteriores a CXF 2.7.4 no verifica que un algoritmo criptográfico específico esté permitido por la definición de WS-SecurityPolicy AlgorithmSuite antes del descifrado, lo que permite a los atacantes remotos forzar a CXF a usar algoritmos criptográficos más débiles que los previstos y facilita el descifrado de las comunicaciones. Esto también se conoce como "XML Encryption backwards compatibility attack". • https://github.com/tafamace/CVE-2012-5575 http://cxf.apache.org/cve-2012-5575.html http://rhn.redhat.com/errata/RHSA-2013-0833.html http://rhn.redhat.com/errata/RHSA-2013-0834.html http://rhn.redhat.com/errata/RHSA-2013-0839.html http://rhn.redhat.com/errata/RHSA-2013-0873.html http://rhn.redhat.com/errata/RHSA-2013-0874.html http://rhn.redhat.com/errata/RHSA-2013-0875.html http://rhn.redhat.com/errata/RHSA-2013-0876.html http://rhn.redhat.com/errata • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2013-0239 – apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate
https://notcve.org/view.php?id=CVE-2013-0239
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element. Apache CXF anterior a v2.5.9, v2.6.x anterior a v2.6.6, y v2.7.x anterior a v2.7.3, cuando está activado sernameToken WS-SecurityPolicy en texto plano, permite a atacantes remotos evitar la autenticación a través de una cabecera de seguridad de una petición SOAP que contiene un elemento UsernameToken que carece de contraseña en el elemento hijo. • http://cxf.apache.org/cve-2013-0239.html http://osvdb.org/90078 http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html http://rhn.redhat.com/errata/RHSA-2013-0749.html http://seclists.org/fulldisclosure/2013/Feb/39 http://secunia.com/advisories/51988 http://svn.apache.org/viewvc?view=revision&revision=1438424 http://www.securityfocus.com/bid/57876 https://exchange.xforce.ibmcloud.com/vulnerabilities/81981 https://lists.apache.org/thread.html/r36e • CWE-287: Improper Authentication •
CVE-2012-5633 – apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor
https://notcve.org/view.php?id=CVE-2012-5633
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. El URIMappingInterceptor en Apache CXF anterior a v2.5.8, v2.6.x anterior a v2.6.5, y v2.7.x anterior a v2.7.2, cuando utiliza el WSS4JInInterceptor, evita el procesamiento de WS-Security, lo que permite a atacantes remotos obtener acceso a los servicios SOAP mediante una petición HTTP GET. • http://cxf.apache.org/cve-2012-5633.html http://osvdb.org/90079 http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html http://rhn.redhat.com/errata/RHSA-2013-0256.html http://rhn.redhat.com/errata/RHSA-2013-0257.html http://rhn.redhat.com/errata/RHSA-2013-0258.html http://rhn.redhat.com/errata/RHSA-2013-0259.html http://rhn.redhat.com/errata/RHSA-2013-0726.html http://rhn.redhat.com/errata/RHSA-2013-0743.html http://r • CWE-287: Improper Authentication •
CVE-2011-2487 – jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
https://notcve.org/view.php?id=CVE-2011-2487
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. Las implementaciones del mecanismo de transporte de claves PKCS#1 versión v1.5 para XMLEncryption en JBossWS y Apache WSS4J versiones anteriores a 1.6.5, son susceptibles a un ataque de tipo Bleichenbacher A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. • http://cxf.apache.org/note-on-cve-2011-2487.html http://rhn.redhat.com/errata/RHSA-2013-0191.html http://rhn.redhat.com/errata/RHSA-2013-0192.html http://rhn.redhat.com/errata/RHSA-2013-0193.html http://rhn.redhat.com/errata/RHSA-2013-0194.html http://rhn.redhat.com/errata/RHSA-2013-0195.html http://rhn.redhat.com/errata/RHSA-2013-0196.html http://rhn.redhat.com/errata/RHSA-2013-0198.html http://rhn.redhat.com/errata/RHSA-2013-0221.html http://www • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •