CVE-2012-5633

CWE-287 — Improper Authentication8 documents6 sources

Severity

5.8MEDIUM

EPSS

1.8%

top 17.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache CXF

Timeline

PublishedMar 12

Latest updateMay 13

Description

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Mavenorg.apache.cxf:cxf2.6.0 — 2.6.5+2

▶NVDapache/cxf2.5.7+14

🔴Vulnerability Details

OSV

Improper Authentication in Apache CXF↗2022-05-13

▶

GHSA

Improper Authentication in Apache CXF↗2022-05-13

▶

CVEList

CVE-2012-5633: The URIMappingInterceptor in Apache CXF before 2↗2013-03-12

▶

📋Vendor Advisories

Red Hat

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor↗2013-02-08

▶

💬Community

Bugzilla

CVE-2012-5633 CVE-2013-0239 cxf various flaws [fedora-all]↗2013-02-08

▶

Bugzilla

CVE-2012-5633 CVE-2013-0239 jbossws-cxf various flaws [fedora-all]↗2013-02-08

▶

Bugzilla

CVE-2012-5633 jbossws-cxf, apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor↗2012-12-20

▶