cxf-commits mailing list archives

Subject [CONF] Apache CXF > Security Advisories
Date Fri, 12 Apr 2013 15:54:00 GMT
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="">Security</a></h2>
    <h4>Page <b>edited</b> by <a href="">Colm O hEigeartaigh</a></h4>
                         <h4>Changes (1)</h4>
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
* [Note on CVE-2012-5575|CVE-2012-5575] - XML Encryption backwards compatibility attack on
Apache CXF. <br></td></tr>
            <tr><td class="diff-unchanged" > * [CVE-2013-0239|CVE-2013-0239] -
Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens. <br>
* [CVE-2012-5633|CVE-2012-5633] - WSS4JInInterceptor always allows HTTP Get requests from
browser. <br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
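Review bot: the added line links the text "Note on CVE-2012-5575" to a page titled CVE-2012-5575, and the rendered list below shows that target as a createlink (createpage.action with title=CVE-2012-5575), so the new entry points at a page that does not exist yet. The other "Note on" entries in the list (CVE-2011-2487, CVE-2011-1096) link to pages titled "Note on CVE-...". Either create the target page before publishing the entry, or point the link at a page titled "Note on CVE-2012-5575" to match the existing naming.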
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
	<li><a href="/confluence/pages/createpage.action?spaceKey=CXF&amp;title=CVE-2012-5575&amp;linkCreation=true&amp;fromPageId=27837502"
class="createlink">Note on CVE-2012-5575</a> - XML Encryption backwards compatibility
attack on Apache CXF.</li>
	<li><a href="/confluence/display/CXF/CVE-2013-0239" title="CVE-2013-0239">CVE-2013-0239</a>
- Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.</li>
	<li><a href="/confluence/display/CXF/CVE-2012-5633" title="CVE-2012-5633">CVE-2012-5633</a>
- WSS4JInInterceptor always allows HTTP Get requests from browser.</li>
	<li><a href="/confluence/display/CXF/Note+on+CVE-2011-2487" title="Note on CVE-2011-2487">Note
on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li>
	<li><a href="/confluence/display/CXF/CVE-2012-3451" title="CVE-2012-3451">CVE-2012-3451</a>
- Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li>
	<li><a href="/confluence/display/CXF/CVE-2012-2379" title="CVE-2012-2379">CVE-2012-2379</a>
- Apache CXF does not verify that elements were signed or encrypted by a particular Supporting
	<li><a href="/confluence/display/CXF/CVE-2012-2378" title="CVE-2012-2378">CVE-2012-2378</a>
- Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken
policy assertions on the client side.</li>
	<li><a href="/confluence/display/CXF/Note+on+CVE-2011-1096" title="Note on CVE-2011-1096">Note
on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attack.</li>
	<li><a href="/confluence/display/CXF/CVE-2012-0803" title="CVE-2012-0803">CVE-2012-0803</a>
- Apache CXF does not validate UsernameToken policies correctly.</li>
	<li><a href=""
class="external-link" rel="nofollow">CVE-2010-2076</a> - DTD based XML attacks.</li>
