CVE-2012-5633 - Vulnerability Details

Vendors	Products
Apache	Cxf
Redhat	Fuse Esb Enterprise Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform

Package	CPE	Advisory	Released Date
Fuse ESB Enterprise 7.1.0
	cpe:/a:redhat:fuse_esb_enterprise:7.1.0	RHSA-2013:0649	2013-03-14T00:00:00Z
JBEWP 5 for RHEL 5
apache-cxf-0:2.2.12-10.patch_06.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_platform:5::el5	RHSA-2013:0259	2013-02-13T00:00:00Z
JBEWP 5 for RHEL 6
apache-cxf-0:2.2.12-10.patch_06.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_platform:5::el6	RHSA-2013:0259	2013-02-13T00:00:00Z
JBoss Enterprise BRMS Platform 5.3
	cpe:/a:redhat:jboss_enterprise_brms_platform:5.3	RHSA-2013:0743	2013-04-15T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.2
	cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0	RHSA-2013:0256	2013-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4
apache-cxf-0:2.2.12-10.patch_06.ep5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:5::el4	RHSA-2013:0257	2013-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
apache-cxf-0:2.2.12-10.patch_06.ep5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:5::el5	RHSA-2013:0257	2013-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
apache-cxf-0:2.2.12-10.patch_06.ep5.el6	cpe:/a:redhat:jboss_enterprise_application_platform:5::el6	RHSA-2013:0257	2013-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.0
	cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1	RHSA-2013:0645	2013-03-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5
apache-cxf-0:2.4.9-6.redhat_3.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:0644	2013-03-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6
apache-cxf-0:2.4.9-6.redhat_3.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:0644	2013-03-13T00:00:00Z
Red Hat JBoss Portal 6.0
	cpe:/a:redhat:jboss_enterprise_portal_platform:6.0	RHSA-2013:0749	2013-04-16T00:00:00Z
Red Hat JBoss SOA Platform 5.3
	cpe:/a:redhat:jboss_enterprise_soa_platform:5.3	RHSA-2013:0726	2013-04-09T00:00:00Z
Red Hat JBoss Web Platform 5.2
	cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0	RHSA-2013:0258	2013-02-13T00:00:00Z

Link	Providers
http://cxf.apache.org/cve-2012-5633.html
http://osvdb.org/90079
http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
http://rhn.redhat.com/errata/RHSA-2013-0256.html
http://rhn.redhat.com/errata/RHSA-2013-0257.html
http://rhn.redhat.com/errata/RHSA-2013-0258.html
http://rhn.redhat.com/errata/RHSA-2013-0259.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0743.html
http://rhn.redhat.com/errata/RHSA-2013-0749.html
http://seclists.org/fulldisclosure/2013/Feb/39
http://secunia.com/advisories/51988
http://secunia.com/advisories/52183
http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
http://svn.apache.org/viewvc?view=revision&revision=1409324
http://svn.apache.org/viewvc?view=revision&revision=1420698
http://www.securityfocus.com/bid/57874
https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
https://issues.apache.org/jira/browse/CXF-4629
https://issues.jboss.org/browse/JBWS-3575
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2012-5633
https://www.cve.org/CVERecord?id=CVE-2012-5633

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-16T11:06:18", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "51988", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/51988"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1409324"}, {"tags": ["x_refsource_MISC"], "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests"}, {"name": "20130208 New security advisories for Apache CXF", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2013/Feb/39"}, {"name": "RHSA-2013:0256", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html"}, {"name": "90079", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/90079"}, {"name": "RHSA-2013:0257", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1420698"}, {"tags": ["x_refsource_MISC"], "url": "https://issues.jboss.org/browse/JBWS-3575"}, {"name": "57874", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/57874"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/CXF-4629"}, {"name": "RHSA-2013:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html"}, {"name": "52183", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52183"}, {"name": "RHSA-2013:0749", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html"}, {"name": "RHSA-2013:0743", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cxf.apache.org/cve-2012-5633.html"}, {"name": "apachecxf-wssecurity-security-bypass(81980)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980"}, {"name": "RHSA-2013:0259", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html"}, {"name": "RHSA-2013:0726", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:14:16.218Z"}, "title": "CVE Program Container", "references": [{"name": "51988", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/51988"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1409324"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests"}, {"name": "20130208 New security advisories for Apache CXF", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2013/Feb/39"}, {"name": "RHSA-2013:0256", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html"}, {"name": "90079", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/90079"}, {"name": "RHSA-2013:0257", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1420698"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://issues.jboss.org/browse/JBWS-3575"}, {"name": "57874", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/57874"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/CXF-4629"}, {"name": "RHSA-2013:0258", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html"}, {"name": "52183", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52183"}, {"name": "RHSA-2013:0749", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html"}, {"name": "RHSA-2013:0743", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cxf.apache.org/cve-2012-5633.html"}, {"name": "apachecxf-wssecurity-security-bypass(81980)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980"}, {"name": "RHSA-2013:0259", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html"}, {"name": "RHSA-2013:0726", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5633", "datePublished": "2013-03-12T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.218Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2012-11-12T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-06-16T11:06:18 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : 51988 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/51988 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1409324 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests (string)

}

3 : { »

name : 20130208 New security advisories for Apache CXF (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

]

url : http://seclists.org/fulldisclosure/2013/Feb/39 (string)

}

4 : { »

name : RHSA-2013:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0256.html (string)

}

5 : { »

name : 90079 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/90079 (string)

}

6 : { »

name : RHSA-2013:0257 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0257.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1420698 (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://issues.jboss.org/browse/JBWS-3575 (string)

}

9 : { »

name : 57874 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/57874 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://issues.apache.org/jira/browse/CXF-4629 (string)

}

11 : { »

name : RHSA-2013:0258 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0258.html (string)

}

12 : { »

name : 52183 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/52183 (string)

}

13 : { »

name : RHSA-2013:0749 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0749.html (string)

}

14 : { »

name : RHSA-2013:0743 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0743.html (string)

}

15 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://cxf.apache.org/cve-2012-5633.html (string)

}

17 : { »

name : apachecxf-wssecurity-security-bypass(81980) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/81980 (string)

}

18 : { »

name : RHSA-2013:0259 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0259.html (string)

}

19 : { »

name : RHSA-2013:0726 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0726.html (string)

}

20 : { »

name : [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E (string)

}

21 : { »

name : [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E (string)

}

22 : { »

name : [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E (string)

}

23 : { »

name : [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E (string)

}

24 : { »

name : [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E (string)

}

25 : { »

name : [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T21:14:16.218Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 51988 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/51988 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1409324 (string)

}

2 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests (string)

}

3 : { »

name : 20130208 New security advisories for Apache CXF (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_FULLDISC (string)

2 : x_transferred (string)

]

url : http://seclists.org/fulldisclosure/2013/Feb/39 (string)

}

4 : { »

name : RHSA-2013:0256 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0256.html (string)

}

5 : { »

name : 90079 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/90079 (string)

}

6 : { »

name : RHSA-2013:0257 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0257.html (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://svn.apache.org/viewvc?view=revision&revision=1420698 (string)

}

8 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://issues.jboss.org/browse/JBWS-3575 (string)

}

9 : { »

name : 57874 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/57874 (string)

}

10 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://issues.apache.org/jira/browse/CXF-4629 (string)

}

11 : { »

name : RHSA-2013:0258 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0258.html (string)

}

12 : { »

name : 52183 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/52183 (string)

}

13 : { »

name : RHSA-2013:0749 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0749.html (string)

}

14 : { »

name : RHSA-2013:0743 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0743.html (string)

}

15 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://cxf.apache.org/cve-2012-5633.html (string)

}

17 : { »

name : apachecxf-wssecurity-security-bypass(81980) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/81980 (string)

}

18 : { »

name : RHSA-2013:0259 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0259.html (string)

}

19 : { »

name : RHSA-2013:0726 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2013-0726.html (string)

}

20 : { »

name : [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E (string)

}

21 : { »

name : [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E (string)

}

22 : { »

name : [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E (string)

}

23 : { »

name : [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E (string)

}

24 : { »

name : [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E (string)

}

25 : { »

name : [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2012-5633 (string)

datePublished : 2013-03-12T22:00:00 (string)

dateReserved : 2012-10-24T00:00:00 (string)

dateUpdated : 2024-08-06T21:14:16.218Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "matchCriteriaId": "FAE257D3-9997-48D6-A206-C13F69D264C0", "versionEndIncluding": "2.5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D24246B2-915D-494B-9863-CF0B662BE54D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "6915B2EC-AA31-44B5-A5F3-3EE1FDD0ABC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "90280778-F7D6-49E2-9C7F-9F5F58137FDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "962F2A85-4731-450B-986B-E1A79986F143", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "49F920D4-1102-4D30-ABD8-F47342DA735A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "84FD5387-E292-458A-9E8C-85C082461594", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "9D523A5E-24A7-43D7-AE54-02EBF13537D2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4FC7D67-80A3-43F6-8D46-F13F37A017CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F069B04-FDA0-41C3-BCAC-C74A310078B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "EED986C6-39C6-4F2A-86F7-C2CE9BBE25B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "EE5CF2CB-B33D-4C51-84C3-8C10E3E26193", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BACD3A8-2FEE-4CB7-9229-06679D6D8150", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "C629A8A7-BFB3-453B-9BCA-3873512410FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "346AF04F-E0C5-45EE-A421-2E1A4E2B57FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request."}, {"lang": "es", "value": "El URIMappingInterceptor en Apache CXF anterior a v2.5.8, v2.6.x anterior a v2.6.5, y v2.7.x anterior a v2.7.2, cuando utiliza el WSS4JInInterceptor, evita el procesamiento de WS-Security, lo que permite a atacantes remotos obtener acceso a los servicios SOAP mediante una petici\u00f3n HTTP GET."}], "id": "CVE-2012-5633", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-03-12T23:55:01.497", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/cve-2012-5633.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/90079"}, {"source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html"}, {"source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2013/Feb/39"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51988"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52183"}, {"source": "secalert@redhat.com", "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests"}, {"source": "secalert@redhat.com", "url": "http://svn.apache.org/viewvc?view=revision&revision=1409324"}, {"source": "secalert@redhat.com", "url": "http://svn.apache.org/viewvc?view=revision&revision=1420698"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/57874"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980"}, {"source": "secalert@redhat.com", "url": "https://issues.apache.org/jira/browse/CXF-4629"}, {"source": "secalert@redhat.com", "url": "https://issues.jboss.org/browse/JBWS-3575"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "secalert@redhat.com", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://cxf.apache.org/cve-2012-5633.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90079"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2013/Feb/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/51988"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52183"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc?view=revision&revision=1409324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc?view=revision&revision=1420698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/57874"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/jira/browse/CXF-4629"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.jboss.org/browse/JBWS-3575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* (string)

matchCriteriaId : FAE257D3-9997-48D6-A206-C13F69D264C0 (string)

versionEndIncluding : 2.5.7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D24246B2-915D-494B-9863-CF0B662BE54D (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 6915B2EC-AA31-44B5-A5F3-3EE1FDD0ABC7 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 90280778-F7D6-49E2-9C7F-9F5F58137FDE (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 962F2A85-4731-450B-986B-E1A79986F143 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 49F920D4-1102-4D30-ABD8-F47342DA735A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 84FD5387-E292-458A-9E8C-85C082461594 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D523A5E-24A7-43D7-AE54-02EBF13537D2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : A4FC7D67-80A3-43F6-8D46-F13F37A017CF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4F069B04-FDA0-41C3-BCAC-C74A310078B7 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:* (string)

matchCriteriaId : EED986C6-39C6-4F2A-86F7-C2CE9BBE25B4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:* (string)

matchCriteriaId : EE5CF2CB-B33D-4C51-84C3-8C10E3E26193 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 7BACD3A8-2FEE-4CB7-9229-06679D6D8150 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C629A8A7-BFB3-453B-9BCA-3873512410FA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 346AF04F-E0C5-45EE-A421-2E1A4E2B57FB (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. (string)

}

1 : { »

lang : es (string)

value : El URIMappingInterceptor en Apache CXF anterior a v2.5.8, v2.6.x anterior a v2.6.5, y v2.7.x anterior a v2.7.2, cuando utiliza el WSS4JInInterceptor, evita el procesamiento de WS-Security, lo que permite a atacantes remotos obtener acceso a los servicios SOAP mediante una petición HTTP GET. (string)

}

]

id : CVE-2012-5633 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 5.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-03-12T23:55:01.497 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://cxf.apache.org/cve-2012-5633.html (string)

}

1 : { »

source : secalert@redhat.com (string)

url : http://osvdb.org/90079 (string)

}

2 : { »

source : secalert@redhat.com (string)

url : http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html (string)

}

3 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0256.html (string)

}

4 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0257.html (string)

}

5 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0258.html (string)

}

6 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0259.html (string)

}

7 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0726.html (string)

}

8 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0743.html (string)

}

9 : { »

source : secalert@redhat.com (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0749.html (string)

}

10 : { »

source : secalert@redhat.com (string)

url : http://seclists.org/fulldisclosure/2013/Feb/39 (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/51988 (string)

}

12 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/52183 (string)

}

13 : { »

source : secalert@redhat.com (string)

url : http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests (string)

}

14 : { »

source : secalert@redhat.com (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1409324 (string)

}

15 : { »

source : secalert@redhat.com (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1420698 (string)

}

16 : { »

source : secalert@redhat.com (string)

url : http://www.securityfocus.com/bid/57874 (string)

}

17 : { »

source : secalert@redhat.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/81980 (string)

}

18 : { »

source : secalert@redhat.com (string)

url : https://issues.apache.org/jira/browse/CXF-4629 (string)

}

19 : { »

source : secalert@redhat.com (string)

url : https://issues.jboss.org/browse/JBWS-3575 (string)

}

20 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E (string)

}

21 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E (string)

}

22 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E (string)

}

23 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E (string)

}

24 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E (string)

}

25 : { »

source : secalert@redhat.com (string)

url : https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://cxf.apache.org/cve-2012-5633.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/90079 (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0256.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0257.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0258.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0259.html (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0726.html (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0743.html (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2013-0749.html (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://seclists.org/fulldisclosure/2013/Feb/39 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/51988 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://secunia.com/advisories/52183 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1409324 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://svn.apache.org/viewvc?view=revision&revision=1420698 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/57874 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/81980 (string)

}

44 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://issues.apache.org/jira/browse/CXF-4629 (string)

}

45 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://issues.jboss.org/browse/JBWS-3575 (string)

}

46 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E (string)

}

47 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E (string)

}

48 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E (string)

}

49 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E (string)

}

50 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E (string)

}

51 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2013:0649", "cpe": "cpe:/a:redhat:fuse_esb_enterprise:7.1.0", "product_name": "Fuse ESB Enterprise 7.1.0", "release_date": "2013-03-14T00:00:00Z"}, {"advisory": "RHSA-2013:0259", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5", "package": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5", "product_name": "JBEWP 5 for RHEL 5", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0259", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6", "package": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6", "product_name": "JBEWP 5 for RHEL 6", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0743", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3", "product_name": "JBoss Enterprise BRMS Platform 5.3", "release_date": "2013-04-15T00:00:00Z"}, {"advisory": "RHSA-2013:0256", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0", "product_name": "Red Hat JBoss Enterprise Application Platform 5.2", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0257", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4", "package": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0257", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5", "package": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0257", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6", "package": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6", "release_date": "2013-02-13T00:00:00Z"}, {"advisory": "RHSA-2013:0645", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1", "product_name": "Red Hat JBoss Enterprise Application Platform 6.0", "release_date": "2013-03-13T00:00:00Z"}, {"advisory": "RHSA-2013:0644", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-03-13T00:00:00Z"}, {"advisory": "RHSA-2013:0644", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-03-13T00:00:00Z"}, {"advisory": "RHSA-2013:0749", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.0", "product_name": "Red Hat JBoss Portal 6.0", "release_date": "2013-04-16T00:00:00Z"}, {"advisory": "RHSA-2013:0726", "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3", "product_name": "Red Hat JBoss SOA Platform 5.3", "release_date": "2013-04-09T00:00:00Z"}, {"advisory": "RHSA-2013:0258", "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0", "product_name": "Red Hat JBoss Web Platform 5.2", "release_date": "2013-02-13T00:00:00Z"}], "bugzilla": {"description": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "id": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008"}, "csaw": false, "cvss": {"cvss_base_score": "6.4", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request."], "name": "CVE-2012-5633", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat JBoss BRMS 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5", "fix_state": "Affected", "package_name": "Security", "product_name": "Red Hat JBoss SOA Platform 5"}], "public_date": "2013-02-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2012-5633\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-5633"], "threat_severity": "Important"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2013:0649 (string)

cpe : cpe:/a:redhat:fuse_esb_enterprise:7.1.0 (string)

product_name : Fuse ESB Enterprise 7.1.0 (string)

release_date : 2013-03-14T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2013:0259 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5::el5 (string)

package : apache-cxf-0:2.2.12-10.patch_06.ep5.el5 (string)

product_name : JBEWP 5 for RHEL 5 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2013:0259 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5::el6 (string)

package : apache-cxf-0:2.2.12-10.patch_06.ep5.el6 (string)

product_name : JBEWP 5 for RHEL 6 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2013:0743 (string)

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:5.3 (string)

product_name : JBoss Enterprise BRMS Platform 5.3 (string)

release_date : 2013-04-15T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2013:0256 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5.2 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2013:0257 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el4 (string)

package : apache-cxf-0:2.2.12-10.patch_06.ep5.el4 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2013:0257 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el5 (string)

package : apache-cxf-0:2.2.12-10.patch_06.ep5.el5 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2013:0257 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:5::el6 (string)

package : apache-cxf-0:2.2.12-10.patch_06.ep5.el6 (string)

product_name : Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2013:0645 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1 (string)

product_name : Red Hat JBoss Enterprise Application Platform 6.0 (string)

release_date : 2013-03-13T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2013:0644 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6::el5 (string)

package : apache-cxf-0:2.4.9-6.redhat_3.ep6.el5 (string)

product_name : Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 (string)

release_date : 2013-03-13T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2013:0644 (string)

cpe : cpe:/a:redhat:jboss_enterprise_application_platform:6::el6 (string)

package : apache-cxf-0:2.4.9-6.redhat_3.ep6.el6 (string)

product_name : Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 (string)

release_date : 2013-03-13T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2013:0749 (string)

cpe : cpe:/a:redhat:jboss_enterprise_portal_platform:6.0 (string)

product_name : Red Hat JBoss Portal 6.0 (string)

release_date : 2013-04-16T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2013:0726 (string)

cpe : cpe:/a:redhat:jboss_enterprise_soa_platform:5.3 (string)

product_name : Red Hat JBoss SOA Platform 5.3 (string)

release_date : 2013-04-09T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2013:0258 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0 (string)

product_name : Red Hat JBoss Web Platform 5.2 (string)

release_date : 2013-02-13T00:00:00Z (string)

}

]

bugzilla : { »

description : apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor (string)

id : 889008 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=889008 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.4 (string)

cvss_scoring_vector : AV:N/AC:L/Au:N/C:P/I:P/A:N (string)

status : verified (string)

}

details : [ »

0 : The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request. (string)

]

name : CVE-2012-5633 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:5 (string)

fix_state : Affected (string)

package_name : Security (string)

product_name : Red Hat JBoss BRMS 5 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_enterprise_soa_platform:5 (string)

fix_state : Affected (string)

package_name : Security (string)

product_name : Red Hat JBoss SOA Platform 5 (string)

}

]

public_date : 2013-02-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2012-5633 https://nvd.nist.gov/vuln/detail/CVE-2012-5633 (string)

]

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object