CVE-2012-3451: Improper Input Validation in Apache CXF

Severity: 4.3 MEDIUM (NVD)
EPSS: 10.0% (top 6.95%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 24
Latest update: May 13

Description

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD | apache/cxf | 2.5.0 | 2.5.5 | +2

Patches

🔴 Vulnerability Details (3)

OSV: Remote web-service operation execution in Apache CXF (2022-05-13)
GHSA: Remote web-service operation execution in Apache CXF (2022-05-13)
CVEList: CVE-2012-3451: Apache CXF before 2 (2012-09-24)

📋 Vendor Advisories (1)

Red Hat: apache-cxf: SOAPAction spoofing on document literal web services (2012-09-19)

💬 Community (2)

Bugzilla: CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services [fedora-17] (2012-09-19)
Bugzilla: CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services (2012-08-27)