Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3451 | 1 Apache | 1 Cxf | 2023-02-13 | 4.3 MEDIUM | N/A |
| Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body. | |||||
| CVE-2012-2379 | 1 Apache | 1 Cxf | 2023-02-13 | 10.0 HIGH | N/A |
| Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors. | |||||
| CVE-2012-0803 | 1 Apache | 1 Cxf | 2023-02-13 | 7.5 HIGH | 9.8 CRITICAL |
| The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request. | |||||