CVE-2012-0803
published 2017-08-08CVE-2012-0803: The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a…
PriorityP262critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
3.54%
87.8th percentile
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cxf | — | — |
| apache | cxf | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Authentication bypass is triggered by sending an empty UsernameToken element inside the WS-Security security header of a SOAP request against a WS-SP UsernameToken policy endpoint ↗
- →The bypass succeeds because CXF marks the UsernameToken policy requirement as satisfied even when no UsernameToken is present; inspect WS-Security header processing logs for requests where the UsernameToken element is absent or empty yet the policy check passes ↗
- ·Only Apache CXF versions 2.4.5 and 2.5.1 are vulnerable; earlier versions are not affected and versions 2.4.6 and 2.5.2 include the fix ↗
- ·Apache CXF as shipped with Red Hat products is not affected by this vulnerability ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
CXF: improper validation of UsernameToken policies
vendor_redhat·2012-02-07·CVSS 9.8
CVE-2012-0803 [CRITICAL] CXF: improper validation of UsernameToken policies
CXF: improper validation of UsernameToken policies
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
Statement: Not Vulnerable. This issue only affects Apache CXF 2.4.5 and 2.5.1. Earlier versions were not affected and later versions include a fix for this issue. This issue does not affect the versions of Apache CXF as shipped with various Red Hat products.
Package: Distribution (Red Hat JBoss SOA Platform 5) - Not affected
GHSA
Improper Authentication in Apache CXF
ghsa·2022-05-13
CVE-2012-0803 [CRITICAL] CWE-287 Improper Authentication in Apache CXF
Improper Authentication in Apache CXF
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
OSV
Improper Authentication in Apache CXF
osv·2022-05-13
CVE-2012-0803 [CRITICAL] Improper Authentication in Apache CXF
Improper Authentication in Apache CXF
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
No detection rules found.
No public exploits indexed.
http://marc.info/?l=full-disclosure&m=132861746008002http://svn.apache.org/viewvc?view=revision&revision=1233457https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3Ehttp://marc.info/?l=full-disclosure&m=132861746008002http://svn.apache.org/viewvc?view=revision&revision=1233457https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Ehttps://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
2017-08-08
Published