Return-Path: 
 <issues-return-19789-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-issues-archive@www.apache.org
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2405B9D70
	for <apmail-cxf-issues-archive@www.apache.org>;
 Mon, 23 Jan 2012 18:37:04 +0000 (UTC)
Received: (qmail 75449 invoked by uid 500); 23 Jan 2012 18:37:04 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 75366 invoked by uid 500); 23 Jan 2012 18:37:03 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 75349 invoked by uid 99); 23 Jan 2012 18:37:03 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jan 2012 18:37:03 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=5.0
	tests=ALL_TRUSTED,T_RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jan 2012 18:37:00 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id F1F8C15E7FB
	for <issues@cxf.apache.org>; Mon, 23 Jan 2012 18:36:39 +0000 (UTC)
Date: Mon, 23 Jan 2012 18:36:39 +0000 (UTC)
From: "Daniel Kulp (Created) (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Message-ID: 
 <727893261.67669.1327343799992.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Created] (CXF-4056) Faults on server are echoing headers
 back to the client
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
X-Virus-Checked: Checked by ClamAV on apache.org

Faults on server are echoing headers back to the client
-------------------------------------------------------

                 Key: CXF-4056
                 URL: https://issues.apache.org/jira/browse/CXF-4056
             Project: CXF
          Issue Type: Bug
          Components: Soap Binding
    Affects Versions: 2.5.2
            Reporter: Daniel Kulp
            Assignee: Daniel Kulp
             Fix For: 2.4.7, 2.5.3



The SoapHeaderOutFilterInterceptor that filters out the incoming headers is only installed on the Out chain.  It's not installed on the OutFault chain.  Thus, all the incoming headers are echoed back to the client which could result in WS-Addressing issues, security issues, etc...

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira