CVE-2012-0803

CWE-287Improper Authentication6 documents6 sources
Severity
9.8CRITICAL
EPSS
0.7%
top 28.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache CXF
Timeline
PublishedAug 8
Latest updateMay 13

Description

The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Mavenorg.apache.cxf:cxf2.4.02.4.6+1
NVDapache/cxf2.4.5, 2.5.1+1

Patches

Patch: marc.infoPatch: svn.apache.orgPatch: marc.info

🔴Vulnerability Details

3
GHSA
Improper Authentication in Apache CXF2022-05-13
OSV
Improper Authentication in Apache CXF2022-05-13
CVEList
CVE-2012-0803: The WS-SP UsernameToken policy in Apache CXF 22017-08-08

📋Vendor Advisories

1
Red Hat
CXF: improper validation of UsernameToken policies2012-02-07

💬Community

1
Bugzilla
CVE-2012-0803 Apache CXF: improper validation of UsernameToken policies2012-02-07
CVE-2012-0803 (CRITICAL CVSS 9.8) | The WS-SP UsernameToken policy in A | cvebase.io