Apache CXF UsernameToken Policy Validation Security Bypass Vulnerability
BID:51886
Info
| Bugtraq ID: | 51886 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-0803 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2012 12:00AM |
| Updated: | Feb 07 2012 12:00AM |
| Credit: | Reported by the vendor |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Apache CXF is prone to a security-bypass vulnerability.
An attacker may exploit this issue to bypass the UsernameToken policy and gain access to restricted services.
Apache CXF 2.4.5 and 2.5.1 are affected.
Exploit / POC
Attackers can exploit this issue using a browser or readily available tools.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Apache CXF Homepage (Apache Software Foundation)
- CVE-2012-0803: Apache CXF does not validate UsernameToken policies correctly (Apache Software Foundation)