cxf-issues mailing list archives

From Loïc FRERING (JIRA) <>
Subject [jira] Created: (CXF-1433) WS-Security vulnerability
Date Thu, 14 Feb 2008 14:53:09 GMT
WS-Security vulnerability

                 Key: CXF-1433
             Project: CXF
          Issue Type: Bug
          Components: WS-* Components
    Affects Versions: 2.0.3
         Environment: Tomcat 5.5, Spring 2 and CXF 2.0.3 for the server and Flex WS-client
            Reporter: Loïc FRERING
            Priority: Critical

It is possible to bypass the security checks configured with WS-Security.

Server configured with a Username Token WS-Security authentication with Spring:

<jaxws:endpoint id="helloWorld" implementor="service.impl.HelloWorldImpl" address="/HelloWorld">
    <jaxws:inInterceptors>
        <bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor"/>
        <bean class="">
            <constructor-arg><map>
                <entry key="action" value="UsernameToken"/>
                <entry key="passwordType" value="PasswordDigest"/>
                <entry key="passwordCallbackClass" value=""/>
            </map></constructor-arg>
        </bean>
        <bean class="org.apache.cxf.interceptor.LoggingInInterceptor"/>
    </jaxws:inInterceptors>
    <jaxws:outInterceptors>
        <bean class="org.apache.cxf.interceptor.LoggingOutInterceptor"/>
    </jaxws:outInterceptors>
</jaxws:endpoint>

When a SOAP message is created and sent with the following header, the server does not process
the authentication and returns the response:



So it is possible to bypass all the security checks configured and to use it.
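A defence-in-depth check for the situation the report describes, added here as an example (it is not part of this issue, the reporter's configuration, or the CXF fix): a second interceptor that runs after WSS4JInInterceptor and rejects any request for which no UsernameToken result was recorded, so a message whose security header was never processed cannot reach the service. It assumes CXF 2.0.x and the WSS4J 1.5.4+ API, where WSSecurityEngineResult is a Map keyed by TAG_ACTION; the class name is hypothetical.

```java
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.Phase;
import org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;

// Hypothetical class (added example, not CXF code): fails the request unless
// WSS4JInInterceptor actually verified a UsernameToken.
public class RequireUsernameTokenInterceptor extends AbstractPhaseInterceptor<SoapMessage> {

    public RequireUsernameTokenInterceptor() {
        super(Phase.PRE_PROTOCOL);
        // Same phase as WSS4JInInterceptor, ordered after it so its results are available.
        addAfter(WSS4JInInterceptor.class.getName());
    }

    @SuppressWarnings("unchecked")
    public void handleMessage(SoapMessage message) throws Fault {
        // WSS4JInInterceptor records what it verified under RECV_RESULTS; if the
        // security header was never processed, nothing is recorded there.
        List<WSHandlerResult> results =
            (List<WSHandlerResult>) message.get(WSHandlerConstants.RECV_RESULTS);
        if (results == null || !containsUsernameToken(results)) {
            QName clientFault = message.getVersion().getSender();
            throw new SoapFault("Request was not authenticated with a UsernameToken", clientFault);
        }
    }

    // True only if at least one processed security element was a UsernameToken.
    static boolean containsUsernameToken(List<WSHandlerResult> results) {
        for (WSHandlerResult handlerResult : results) {
            for (Object o : handlerResult.getResults()) {
                WSSecurityEngineResult r = (WSSecurityEngineResult) o;
                Integer action = (Integer) r.get(WSSecurityEngineResult.TAG_ACTION);
                if (action != null && (action.intValue() & WSConstants.UT) == WSConstants.UT) {
                    return true;
                }
            }
        }
        return false;
    }
}
```

Register it as a bean in the endpoint's jaxws:inInterceptors list alongside the WSS4J bean; the addAfter call orders it correctly within the phase.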
