CVE-2012-5633
Vulnerability from cvelistv5
Published: 2013-03-12 22:00
Modified: 2024-08-06 21:14
Summary
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:14:16.218Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "51988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51988" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" }, { "name": "20130208 New security advisories for Apache CXF", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2013/Feb/39" }, { "name": "RHSA-2013:0256", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "name": "90079", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90079" }, { "name": "RHSA-2013:0257", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://issues.jboss.org/browse/JBWS-3575" }, { "name": "57874", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/57874" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/jira/browse/CXF-4629" }, { "name": "RHSA-2013:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "name": "52183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/52183" }, { "name": "RHSA-2013:0749", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" }, { "name": "RHSA-2013:0743", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "name": "apachecxf-wssecurity-security-bypass(81980)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" }, { "name": "RHSA-2013:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "name": "RHSA-2013:0726", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 
20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows 
remote attackers to obtain access to SOAP services via an HTTP GET request." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-16T11:06:18", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "51988", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51988" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324" }, { "tags": [ "x_refsource_MISC" ], "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" }, { "name": "20130208 New security advisories for Apache CXF", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2013/Feb/39" }, { "name": "RHSA-2013:0256", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "name": "90079", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90079" }, { "name": "RHSA-2013:0257", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698" }, { "tags": [ "x_refsource_MISC" ], "url": "https://issues.jboss.org/browse/JBWS-3575" }, { "name": "57874", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/57874" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/jira/browse/CXF-4629" }, { "name": "RHSA-2013:0258", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "name": "52183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52183" }, { "name": "RHSA-2013:0749", "tags": 
[ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" }, { "name": "RHSA-2013:0743", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "name": "apachecxf-wssecurity-security-bypass(81980)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" }, { "name": "RHSA-2013:0259", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "name": "RHSA-2013:0726", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5633", "datePublished": "2013-03-12T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:14:16.218Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2012-5633\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-03-12T23:55:01.497\",\"lastModified\":\"2023-02-13T00:26:57.743\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, 
bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.\"},{\"lang\":\"es\",\"value\":\"El URIMappingInterceptor en Apache CXF anterior a v2.5.8, v2.6.x anterior a v2.6.5, y v2.7.x anterior a v2.7.2, cuando utiliza el WSS4JInInterceptor, evita el procesamiento de WS-Security, lo que permite a atacantes remotos obtener acceso a los servicios SOAP mediante una petici\u00f3n HTTP GET.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5.7\",\"matchCriteriaId\":\"FAE257D3-9997-48D6-A206-C13F69D264C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D24246B2-915D-494B-9863-CF0B662BE54D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6915B2EC-AA31-44B5-A5F3-3EE1FDD0ABC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90280778-F7D6-49E2-9C7F-9F5F58137FDE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"962F2A85-4731-450B-986B-E1A79986F143\"},{\
"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49F920D4-1102-4D30-ABD8-F47342DA735A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84FD5387-E292-458A-9E8C-85C082461594\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D523A5E-24A7-43D7-AE54-02EBF13537D2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4FC7D67-80A3-43F6-8D46-F13F37A017CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F069B04-FDA0-41C3-BCAC-C74A310078B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EED986C6-39C6-4F2A-86F7-C2CE9BBE25B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE5CF2CB-B33D-4C51-84C3-8C10E3E26193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BACD3A8-2FEE-4CB7-9229-06679D6D8150\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C629A8A7-BFB3-453B-9BCA-3873512410FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"346AF04F-E0C5-45EE-A421-2E1A4E2B57FB\"}]}]}],\"references\":[{\"url\":\"http://cxf.apache.org/cve-2012-5633.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://osvdb.org/90079\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0256.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0257.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0258.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0259.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0726.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0743.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-0749.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/fulldisclosure/2013/Feb/39\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/51988\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/52183\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1409324\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://svn.apache.org/viewvc?view=revision\u0026revision=1420698\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/57874\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/81980\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/jira/browse/CXF-4629\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.jboss.org/browse/JBWS-3575\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E\",\"source\":\"secalert@redhat.com\"}]}}" } }
rhsa-2013_0726
Vulnerability from csaf_redhat
Published: 2013-04-09 18:04
Modified: 2024-11-05 18:04
Summary
Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.1 update
Notes
Topic
JBoss Enterprise SOA Platform 5.3.1 roll up patch 1, which fixes multiple
security issues and various bugs, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise SOA Platform is the next-generation ESB and business
process automation infrastructure. JBoss Enterprise SOA Platform allows IT
to leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future
(EDA and CEP) integration methodologies to dramatically improve business
process execution speed and quality.
This roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
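A practitioner reading the paragraph above usually wants one thing: a way to tell whether a given deployment shows the pattern (POST without a wsse:Security header is refused, the URIMappingInterceptor-style GET for the same operation is served). The script below is an added example, not code from the advisory or from the CXF project. It assumes the REST-like URL form `<endpoint>/<operation>?<part>=<value>`, a constructed service (`HelloWorld`, operation `sayHi`, namespace `http://example.test/hello`), and constructed sample responses; `probe()` needs network access, everything else runs offline.

```python
"""Probe for the CVE-2012-5633 pattern described above: a SOAP endpoint that
refuses a POST lacking a wsse:Security header but answers the same operation
over a URIMappingInterceptor-style GET.  Added example; not CXF project code.
Assumptions are marked below."""
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12_NS = "http://www.w3.org/2003/05/soap-envelope"


def urimapping_get_url(endpoint: str, operation: str, params: dict) -> str:
    """Assumed URIMappingInterceptor form: <endpoint>/<operation>?<part>=<value>."""
    url = endpoint.rstrip("/") + "/" + urllib.parse.quote(operation)
    if params:
        url += "?" + urllib.parse.urlencode(params)
    return url


def soap_request(operation: str, params: dict, target_ns: str) -> bytes:
    """SOAP 1.1 request for `operation` with NO wsse:Security header; an endpoint
    guarded by WSS4JInInterceptor is expected to answer this with a Fault."""
    parts = "".join(f"<{k}>{v}</{k}>" for k, v in params.items())
    return (
        f'<soap:Envelope xmlns:soap="{SOAP11_NS}"><soap:Body>'
        f'<ns:{operation} xmlns:ns="{target_ns}">{parts}</ns:{operation}>'
        "</soap:Body></soap:Envelope>"
    ).encode()


def parse_response(body: bytes) -> str:
    """'fault' for a SOAP Fault, 'envelope' for any other SOAP envelope,
    'other' for non-SOAP content (HTML error page, empty body, ...)."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "other"
    for ns in (SOAP11_NS, SOAP12_NS):
        if root.tag == f"{{{ns}}}Envelope":
            return "fault" if root.find(f".//{{{ns}}}Fault") is not None else "envelope"
    return "other"


def classify(post_status: int, post_body: bytes, get_status: int, get_body: bytes) -> str:
    """Combine the two observations into a verdict."""
    post, get = parse_response(post_body), parse_response(get_body)
    if post == "envelope":
        return "unprotected: POST without a Security header was answered; WS-Security is not enforced at all"
    if post != "fault":
        return f"inconclusive: POST returned HTTP {post_status} with non-SOAP content"
    if get == "envelope" and get_status == 200:
        return "suspect: GET answered without WS-Security (CVE-2012-5633 pattern)"
    return f"ok: GET was not served an operation response (HTTP {get_status}, {get})"


def _fetch(req: urllib.request.Request, timeout: float):
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:   # a SOAP Fault usually arrives as HTTP 500
        return err.code, err.read()


def probe(endpoint: str, operation: str, params: dict, target_ns: str, timeout: float = 10) -> str:
    """Live check against a real endpoint (network access required)."""
    post = urllib.request.Request(
        endpoint, data=soap_request(operation, params, target_ns), method="POST",
        headers={"Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""'})
    get = urllib.request.Request(urimapping_get_url(endpoint, operation, params), method="GET")
    return classify(*_fetch(post, timeout), *_fetch(get, timeout))


# Constructed sample responses, used to exercise classify() offline.
SAMPLE_FAULT = (
    f'<soap:Envelope xmlns:soap="{SOAP11_NS}"><soap:Body><soap:Fault>'
    "<faultcode>ns1:InvalidSecurity</faultcode>"
    "<faultstring>An error was discovered processing the &lt;wsse:Security&gt; header</faultstring>"
    "</soap:Fault></soap:Body></soap:Envelope>"
).encode()
SAMPLE_RESPONSE = (
    f'<soap:Envelope xmlns:soap="{SOAP11_NS}"><soap:Body>'
    '<ns:sayHiResponse xmlns:ns="http://example.test/hello"><return>Hello</return></ns:sayHiResponse>'
    "</soap:Body></soap:Envelope>"
).encode()

if __name__ == "__main__":
    print(classify(500, SAMPLE_FAULT, 200, SAMPLE_RESPONSE))  # vulnerable deployment
    print(classify(500, SAMPLE_FAULT, 500, SAMPLE_FAULT))     # GET refused as well
    # probe("http://host/services/HelloWorld", "sayHi", {"text": "x"}, "http://example.test/hello")
```

The verdict deliberately distinguishes "unprotected" (the POST itself is accepted, so WSS4JInInterceptor is not in the chain) from "suspect" (the POST is refused but the GET is served), because only the second case is the bug the advisory describes; the first is a configuration problem that the CXF upgrade will not fix.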
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
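The SOAPAction spoofing described above comes down to two sources of truth for "which operation is this": the SOAPAction header and the Body's child element. The model below is an added example, not CXF code or the advisory's own material; the two constructed operations (`listOrders`, allowed to anyone, and `cancelOrders`, which requires a signature), the namespace `urn:example:orders`, the wrapped doc/literal body layout and the `signed` flag standing in for a per-operation WS-Policy are all assumptions. It contrasts a dispatcher that validates policy for the header-selected operation while the Body decides what runs, with one that refuses any message whose header and Body disagree.

```python
"""Model of the SOAPAction spoofing described above (CVE-2012-3451): the
operation named by the SOAPAction header is not the operation named by the
Body.  Added example, not CXF code; the operations, namespace and the
'signed' flag standing in for a per-operation WS-Policy are assumptions."""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
TARGET_NS = "urn:example:orders"        # constructed service namespace


@dataclass(frozen=True)
class Operation:
    name: str
    soap_action: str
    requires_signature: bool            # stand-in for a WS-Policy on this operation


# Both operations accept the same single part (customerId), which is the
# precondition the advisory names for the attack.
OPERATIONS = {
    "listOrders": Operation("listOrders", "urn:example:orders:listOrders", False),
    "cancelOrders": Operation("cancelOrders", "urn:example:orders:cancelOrders", True),
}
BY_ACTION = {op.soap_action: op for op in OPERATIONS.values()}


def envelope_for(operation: str, **parts: str) -> bytes:
    """Wrapped doc/literal request: the Body's child element is the operation."""
    inner = "".join(f"<{k}>{v}</{k}>" for k, v in parts.items())
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<ns:{operation} xmlns:ns="{TARGET_NS}">{inner}</ns:{operation}>'
            "</soap:Body></soap:Envelope>").encode()


def body_operation(envelope: bytes) -> str:
    """Operation as the Body actually declares it (local name of its first child)."""
    body = ET.fromstring(envelope).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("no operation element in Body")
    return body[0].tag.rsplit("}", 1)[-1]


def _select(soap_action: str) -> Operation:
    op = BY_ACTION.get(soap_action.strip('"'))
    if op is None:
        raise PermissionError(f"unknown SOAPAction {soap_action!r}")
    return op


def dispatch_vulnerable(soap_action: str, envelope: bytes, signed: bool) -> str:
    """Policy is checked for the header-selected operation, but the Body decides
    which operation runs.  Returns the operation that would execute."""
    op = _select(soap_action)
    if op.requires_signature and not signed:
        raise PermissionError(f"policy for {op.name}: signature required")
    return body_operation(envelope)


def dispatch_hardened(soap_action: str, envelope: bytes, signed: bool) -> str:
    """Header and Body must name the same operation before any policy is applied."""
    op = _select(soap_action)
    invoked = body_operation(envelope)
    if invoked != op.name:
        raise PermissionError(f"SOAPAction names {op.name!r} but Body names {invoked!r}")
    if op.requires_signature and not signed:
        raise PermissionError(f"policy for {op.name}: signature required")
    return invoked


def rejects(dispatcher, soap_action: str, envelope: bytes, signed: bool) -> bool:
    """True when the dispatcher refuses the message with a PermissionError."""
    try:
        dispatcher(soap_action, envelope, signed)
    except PermissionError:
        return True
    return False


# The spoofed message: SOAPAction of the allowed operation, Body of the forbidden one.
SPOOFED = envelope_for("cancelOrders", customerId="7")
ALLOWED_ACTION = OPERATIONS["listOrders"].soap_action

if __name__ == "__main__":
    print(dispatch_vulnerable(ALLOWED_ACTION, SPOOFED, signed=False))  # cancelOrders runs unsigned
    print(rejects(dispatch_hardened, ALLOWED_ACTION, SPOOFED, signed=False))  # True
```

Note that the hardened dispatcher compares header and Body before it evaluates any policy; checking the policy first and then the Body would still leak which operations exist through the differing fault messages.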
Multiple weaknesses were found in the JBoss Web DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)
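The DIGEST weakness that the CSAF record at the end of this page spells out for CVE-2012-5885 is that the replay countermeasure tracked the client's cnonce instead of the server nonce and its nonce-count. The example below is added here and is not JBoss Web or Apache Tomcat code: it implements RFC 2617 Digest verification with qop=auth and contrasts two replay checks, a weak one that only remembers recent cnonces in a small bounded cache (an assumed simplification of the described design, not the exact Tomcat internals) and a hardened one that accepts only server-issued, unexpired nonces with a strictly increasing nc. The realm, the user `alice` and her password are constructed.

```python
"""Replay countermeasure for HTTP Digest (RFC 2617, qop=auth), contrasting the
weak design the DIGEST CVEs above describe (tracking client nonces) with
tracking the server nonce and its nonce-count.  Added example, not Tomcat or
JBoss Web code; the bounded cnonce cache is an assumed simplification."""
import hashlib
import hmac
import secrets
from collections import OrderedDict

REALM = "example"
USERS = {"alice": "correct horse"}       # constructed credential store


def _md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(user, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5(f"{user}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:{qop}:{ha2}")


def client_request(user, password, method, uri, nonce, nc):
    """The fields a client sends in its Authorization header, as a dict."""
    cnonce = secrets.token_hex(8)
    return {"username": user, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(user, password, method, uri, nonce, nc, cnonce)}


class DigestVerifier:
    """Checks the response hash, then asks the subclass whether it is a replay."""
    def __init__(self, nonce_ttl=300):
        self.issued = {}                 # nonce -> time it was issued
        self.nonce_ttl = nonce_ttl

    def issue_nonce(self, now):
        nonce = secrets.token_hex(16)
        self.issued[nonce] = now
        return nonce

    def authenticate(self, method, uri, auth, now) -> bool:
        password = USERS.get(auth["username"])
        if password is None:
            return False
        expected = digest_response(auth["username"], password, method, uri,
                                   auth["nonce"], auth["nc"], auth["cnonce"])
        if not hmac.compare_digest(expected, auth["response"]):
            return False
        return self._not_replayed(auth, now)

    def _not_replayed(self, auth, now) -> bool:
        raise NotImplementedError


class CnonceTracking(DigestVerifier):
    """Weak: remembers the last `cache_size` client nonces and nothing else; the
    server nonce is never checked, so any nonce the client chose is accepted."""
    def __init__(self, cache_size=4, **kw):
        super().__init__(**kw)
        self.cache_size = cache_size
        self.seen = OrderedDict()

    def _not_replayed(self, auth, now):
        if auth["cnonce"] in self.seen:
            return False
        self.seen[auth["cnonce"]] = True
        if len(self.seen) > self.cache_size:
            self.seen.popitem(last=False)   # oldest cnonce forgotten
        return True


class NonceCountTracking(DigestVerifier):
    """Hardened: the nonce must be one this server issued and still valid, and nc
    must increase strictly per nonce, so a captured (nonce, nc) pair is dead."""
    def __init__(self, **kw):
        super().__init__(**kw)
        self.last_nc = {}

    def _not_replayed(self, auth, now):
        issued_at = self.issued.get(auth["nonce"])
        if issued_at is None or now - issued_at > self.nonce_ttl:
            return False
        if auth["nc"] <= self.last_nc.get(auth["nonce"], 0):
            return False
        self.last_nc[auth["nonce"]] = auth["nc"]
        return True


def replay_scenario(verifier, victim_requests=5):
    """Attacker sniffs the victim's first request and replays it twice: at once,
    and after the victim has sent `victim_requests` more.
    Returns (accepted_immediately, accepted_later)."""
    now = 1_000_000.0
    nonce = verifier.issue_nonce(now)
    captured = client_request("alice", "correct horse", "GET", "/admin", nonce, 1)
    assert verifier.authenticate("GET", "/admin", captured, now)
    first = verifier.authenticate("GET", "/admin", captured, now + 1)
    for nc in range(2, 2 + victim_requests):
        fresh = client_request("alice", "correct horse", "GET", "/admin", nonce, nc)
        assert verifier.authenticate("GET", "/admin", fresh, now + nc)
    later = verifier.authenticate("GET", "/admin", captured, now + 60)
    return first, later


if __name__ == "__main__":
    print(replay_scenario(CnonceTracking()))      # (False, True): replay succeeds once the cache rolls
    print(replay_scenario(NonceCountTracking()))  # (False, False)
```

Both verifiers refuse the immediate replay; the difference shows once the victim's own later traffic has pushed the captured cnonce out of the weak verifier's cache, and in the fact that the weak verifier never asks whether the nonce in the request was one it issued.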
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-3451.
Warning: Before applying the update, back up your existing JBoss Enterprise
SOA Platform installation (including its databases, applications,
configuration files, and so on).
All users of JBoss Enterprise SOA Platform 5.3.1 as provided from the Red
Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss Enterprise SOA Platform 5.3.1 roll up patch 1, which fixes multiple\nsecurity issues and various bugs, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise SOA Platform is the next-generation ESB and business\nprocess automation infrastructure. JBoss Enterprise SOA Platform allows IT\nto leverage existing (MoM and EAI), modern (SOA and BPM-Rules), and future\n(EDA and CEP) integration methodologies to dramatically improve business\nprocess execution speed and quality.\n\nThis roll up patch serves as a cumulative upgrade for JBoss Enterprise SOA\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. 
This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nMultiple weaknesses were found in the JBoss Web DIGEST authentication\nimplementation, effectively reducing the security normally provided by\nDIGEST authentication. A remote attacker could use these flaws to perform\nreplay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,\nCVE-2012-5887)\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nSOA Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise SOA Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0726", "url": "https://access.redhat.com/errata/RHSA-2013:0726" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.3.1+GA", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform\u0026downloadType=securityPatches\u0026version=5.3.1+GA" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "873664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0726.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.1 update", "tracking": { "current_release_date": "2024-11-05T18:04:49+00:00", "generator": { "date": "2024-11-05T18:04:49+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0726", "initial_release_date": "2013-04-09T18:04:00+00:00", "revision_history": [ { "date": "2013-04-09T18:04:00+00:00", "number": "1", "summary": "Initial version" 
}, { "date": "2013-04-09T18:11:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:04:49+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss SOA Platform 5.3", "product": { "name": "Red Hat JBoss SOA Platform 5.3", "product_id": "Red Hat JBoss SOA Platform 5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_soa_platform:5.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-09T18:04:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0726" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote 
attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-09T18:04:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0726" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" }, { "cve": "CVE-2012-5885", "discovery_date": "2012-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "873664" } ], "notes": [ { "category": "description", "text": "The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: three DIGEST authentication implementation issues", "title": "Vulnerability summary" }, { "category": "general", "text": "The 
CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5885" }, { "category": "external", "summary": "RHBZ#873664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5885", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5885" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5885" } ], "release_date": "2012-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-09T18:04:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0726" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: three DIGEST authentication implementation issues" }, { "cve": "CVE-2012-5886", "discovery_date": "2012-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "873664" } ], "notes": [ { "category": "description", "text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: three DIGEST authentication implementation issues", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of 
this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5886" }, { "category": "external", "summary": "RHBZ#873664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5886", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5886" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5886" } ], "release_date": "2012-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-09T18:04:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0726" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: three DIGEST authentication 
implementation issues" }, { "cve": "CVE-2012-5887", "discovery_date": "2012-11-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "873664" } ], "notes": [ { "category": "description", "text": "The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: three DIGEST authentication implementation issues", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss SOA Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5887" }, { "category": "external", "summary": "RHBZ#873664", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873664" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5887", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5887" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5887" } ], "release_date": "2012-11-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-09T18:04:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise SOA Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise SOA Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise SOA Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "Red Hat JBoss SOA Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0726" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss SOA Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: three DIGEST authentication implementation issues" } ] }
rhsa-2013_0749
Vulnerability from csaf_redhat
Published
2013-04-16 18:51
Modified
2024-11-05 18:05
Summary
Red Hat Security Advisory: apache-cxf security update
Notes
Topic
An update for the Apache CXF component of JBoss Portal Platform 6.0.0 which
fixes two security issues is now available from the Red Hat Customer
Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache CXF is an open source services framework.
It was found that the Apache CXF UsernameTokenPolicyValidator and
UsernameTokenInterceptor allowed a UsernameToken element with no password
child element to bypass authentication. A remote attacker could use this
flaw to circumvent access controls applied to web services by omitting the
password in a UsernameToken. This flaw was exploitable on web services that
rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.
It was not exploitable when using hashed passwords or WS-Security without
WS-SecurityPolicy. (CVE-2013-0239)
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
Warning: Before applying this update, back up all applications deployed on
JBoss Portal Platform, along with all customized configuration files, and
any databases and database settings.
All users of JBoss Portal Platform 6.0.0 as provided from the Red Hat
Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the Apache CXF component of JBoss Portal Platform 6.0.0 which\nfixes two security issues is now available from the Red Hat Customer\nPortal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache CXF is an open source services framework.\n\nIt was found that the Apache CXF UsernameTokenPolicyValidator and\nUsernameTokenInterceptor allowed a UsernameToken element with no password\nchild element to bypass authentication. A remote attacker could use this\nflaw to circumvent access controls applied to web services by omitting the\npassword in a UsernameToken. This flaw was exploitable on web services that\nrely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.\nIt was not exploitable when using hashed passwords or WS-Security without\nWS-SecurityPolicy. (CVE-2013-0239)\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. 
A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nWarning: Before applying this update, back up all applications deployed on\nJBoss Portal Platform, along with all customized configuration files, and\nany databases and database settings.\n\nAll users of JBoss Portal Platform 6.0.0 as provided from the Red Hat\nCustomer Portal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0749", "url": "https://access.redhat.com/errata/RHSA-2013:0749" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": 
"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jbportal\u0026version=6.0.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jbportal\u0026version=6.0.0" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0749.json" } ], "title": "Red Hat Security Advisory: apache-cxf security update", "tracking": { "current_release_date": "2024-11-05T18:05:25+00:00", "generator": { "date": "2024-11-05T18:05:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0749", "initial_release_date": "2013-04-16T18:51:00+00:00", "revision_history": [ { "date": "2013-04-16T18:51:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-04-16T18:53:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:05:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Portal 6.0", "product": { "name": "Red Hat JBoss Portal 6.0", "product_id": "Red Hat JBoss Portal 6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor 
in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Portal 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-16T18:51:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up all\napplications deployed on JBoss Portal Platform, along with all customized\nconfiguration files, and any databases and database settings.\n\nNote that it is recommended to halt the JBoss Portal Platform server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the JBoss Portal\nPlatform server by starting the JBoss Application Server process.", "product_ids": [ "Red Hat JBoss Portal 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0749" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Portal 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" }, { "cve": "CVE-2013-0239", "discovery_date": "2013-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "905722" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational 
purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Portal 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0239" }, { "category": "external", "summary": "RHBZ#905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0239", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0239" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-16T18:51:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up all\napplications deployed on JBoss Portal Platform, along with all customized\nconfiguration files, and any databases and database settings.\n\nNote that it is recommended to halt the JBoss Portal Platform server by\nstopping the JBoss Application Server process before installing this\nupdate, and then after installing the update, restart the JBoss Portal\nPlatform server by starting the JBoss Application Server process.", "product_ids": [ "Red Hat JBoss Portal 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0749" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Portal 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: 
UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate" } ] }
rhsa-2013_0257
Vulnerability from csaf_redhat
Published
2013-02-13 18:54
Modified
2024-11-05 17:58
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update
Notes
Topic
An updated apache-cxf package for JBoss Enterprise Application Platform
5.2.0 that fixes two security issues is now available for Red Hat
Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is a platform for Java applications,
which integrates the JBoss Application Server with JBoss Hibernate and
JBoss Seam.
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
Note that the CVE-2012-3451 and CVE-2012-5633 issues only affected
environments that have JBoss Web Services CXF installed.
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to this updated
package. The JBoss server process must be restarted for the update to take
effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated apache-cxf package for JBoss Enterprise Application Platform\n5.2.0 that fixes two security issues is now available for Red Hat\nEnterprise Linux 4, 5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is a platform for Java applications,\nwhich integrates the JBoss Application Server with JBoss Hibernate and\nJBoss Seam.\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. 
If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nNote that the CVE-2012-3451 and CVE-2012-5633 issues only affected\nenvironments that have JBoss Web Services CXF installed.\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 on Red Hat\nEnterprise Linux 4, 5, and 6 are advised to upgrade to this updated\npackage. The JBoss server process must be restarted for the update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0257", "url": "https://access.redhat.com/errata/RHSA-2013:0257" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0257.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update", "tracking": { "current_release_date": "2024-11-05T17:58:22+00:00", "generator": { "date": "2024-11-05T17:58:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0257", "initial_release_date": "2013-02-13T18:54:00+00:00", "revision_history": [ { "date": "2013-02-13T18:54:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-13T19:01:01+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:58:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { 
"branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", "product_id": "4AS-JBEAP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEAP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEAP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEAP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product_id": 
"apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", "product_id": "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch" }, "product_reference": 
"apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS", "product_id": "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "relates_to_product_reference": "4AS-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "relates_to_product_reference": "4ES-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src" }, "product_reference": 
"apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "relates_to_product_reference": "5Server-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src as a component of Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "relates_to_product_reference": "6Server-JBEAP-5" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", 
"4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:54:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0257" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 
2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:54:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is 
available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0257" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEAP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" } ] }
rhsa-2013_0743
Vulnerability from csaf_redhat
Published
2013-04-15 17:45
Modified
2024-11-05 18:04
Summary
Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.1 update
Notes
Topic
JBoss Enterprise BRMS Platform 5.3.1 roll up patch 1, which fixes two
security issues and various bugs, is now available from the Red Hat
Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise BRMS Platform is a business rules management system for
the management, storage, creation, modification, and deployment of JBoss
Rules.
This roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS
Platform 5.3.1. It includes various bug fixes. The following security
issues are also fixed with this release:
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
Red Hat would like to thank the Apache CXF project for reporting the
CVE-2012-3451 issue.
Warning: Before applying the update, back up your existing JBoss Enterprise
BRMS Platform installation (including its databases, applications,
configuration files, and so on).
All users of JBoss Enterprise BRMS Platform 5.3.1 as provided from the Red
Hat Customer Portal are advised to apply this roll up patch.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss Enterprise BRMS Platform 5.3.1 roll up patch 1, which fixes two\nsecurity issues and various bugs, is now available from the Red Hat\nCustomer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise BRMS Platform is a business rules management system for\nthe management, storage, creation, modification, and deployment of JBoss\nRules.\n\nThis roll up patch serves as a cumulative upgrade for JBoss Enterprise BRMS\nPlatform 5.3.1. It includes various bug fixes. The following security\nissues are also fixed with this release:\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. 
(CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nRed Hat would like to thank the Apache CXF project for reporting the\nCVE-2012-3451 issue.\n\nWarning: Before applying the update, back up your existing JBoss Enterprise\nBRMS Platform installation (including its databases, applications,\nconfiguration files, and so on).\n\nAll users of JBoss Enterprise BRMS Platform 5.3.1 as provided from the Red\nHat Customer Portal are advised to apply this roll up patch.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0743", "url": "https://access.redhat.com/errata/RHSA-2013:0743" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=securityPatches\u0026version=5.3.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=securityPatches\u0026version=5.3.1" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0743.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise BRMS Platform 5.3.1 update", "tracking": { "current_release_date": "2024-11-05T18:04:51+00:00", "generator": { "date": "2024-11-05T18:04:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0743", "initial_release_date": "2013-04-15T17:45:00+00:00", "revision_history": [ { "date": "2013-04-15T17:45:00+00:00", "number": "1", "summary": 
"Initial version" }, { "date": "2013-04-15T17:51:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:04:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JBoss Enterprise BRMS Platform 5.3", "product": { "name": "JBoss Enterprise BRMS Platform 5.3", "product_id": "JBoss Enterprise BRMS Platform 5.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:5.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBoss Enterprise BRMS Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-15T17:45:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise BRMS Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise BRMS Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "JBoss Enterprise BRMS Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0743" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "JBoss Enterprise BRMS Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses 
WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBoss Enterprise BRMS Platform 5.3" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-04-15T17:45:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise BRMS Platform installation (including its\ndatabases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the JBoss Enterprise BRMS Platform\nserver by stopping the JBoss Application Server process before installing\nthis update, and then after installing the update, restart the JBoss\nEnterprise BRMS Platform server by starting the JBoss Application Server\nprocess.", "product_ids": [ "JBoss Enterprise BRMS Platform 5.3" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0743" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "JBoss Enterprise BRMS Platform 5.3" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" } ] }
rhsa-2013_0645
Vulnerability from csaf_redhat
Published
2013-03-13 18:43
Modified
2024-11-05 18:03
Summary
Red Hat Security Advisory: apache-cxf security update
Notes
Topic
An update for the Apache CXF component of JBoss Enterprise Application
Platform 6.0.1, which fixes two security issues, is now available from the
Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache CXF is an open source services framework.
It was found that the Apache CXF UsernameTokenPolicyValidator and
UsernameTokenInterceptor allowed a UsernameToken element with no password
child element to bypass authentication. A remote attacker could use this
flaw to circumvent access controls applied to web services by omitting the
password in a UsernameToken. This flaw was exploitable on web services that
rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.
It was not exploitable when using hashed passwords or WS-Security without
WS-SecurityPolicy. (CVE-2013-0239)
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
All users of JBoss Enterprise Application Platform 6.0.1 as provided from
the Red Hat Customer Portal are advised to apply this update.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the Apache CXF component of JBoss Enterprise Application\nPlatform 6.0.1 which fixes two security issues is now available from the\nRed Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache CXF is an open source services framework.\n\nIt was found that the Apache CXF UsernameTokenPolicyValidator and\nUsernameTokenInterceptor allowed a UsernameToken element with no password\nchild element to bypass authentication. A remote attacker could use this\nflaw to circumvent access controls applied to web services by omitting the\npassword in a UsernameToken. This flaw was exploitable on web services that\nrely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.\nIt was not exploitable when using hashed passwords or WS-Security without\nWS-SecurityPolicy. (CVE-2013-0239)\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. 
A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0645", "url": "https://access.redhat.com/errata/RHSA-2013:0645" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.0.1", "url": 
"https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=6.0.1" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0645.json" } ], "title": "Red Hat Security Advisory: apache-cxf security update", "tracking": { "current_release_date": "2024-11-05T18:03:01+00:00", "generator": { "date": "2024-11-05T18:03:01+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0645", "initial_release_date": "2013-03-13T18:43:00+00:00", "revision_history": [ { "date": "2013-03-13T18:43:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-02-20T12:45:50+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:03:01+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.0", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.0", "product_id": "Red Hat JBoss Enterprise Application Platform 6.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.0.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat 
Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T18:43:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0645" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" }, { "cve": "CVE-2013-0239", "discovery_date": "2013-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "905722" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 6.0" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0239" }, { "category": "external", "summary": "RHBZ#905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0239", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0239" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T18:43:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying this update, back up your\nexisting JBoss Enterprise Application Platform installation and deployed\napplications.\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 6.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0645" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 6.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate" } ] }
rhsa-2013_0256
Vulnerability from csaf_redhat
Published
2013-02-13 18:51
Modified
2024-11-05 17:58
Summary
Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update
Notes
Topic
An update for JBoss Enterprise Application Platform 5.2.0 which fixes two
security issues is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
JBoss Enterprise Application Platform is a platform for Java applications,
which integrates the JBoss Application Server with JBoss Hibernate and
JBoss Seam.
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
Note that the CVE-2012-3451 and CVE-2012-5633 issues only affected
environments that have JBoss Web Services CXF installed.
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Application Platform 5.2.0 as provided from
the Red Hat Customer Portal are advised to apply this update.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for JBoss Enterprise Application Platform 5.2.0 which fixes two\nsecurity issues is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "JBoss Enterprise Application Platform is a platform for Java applications,\nwhich integrates the JBoss Application Server with JBoss Hibernate and\nJBoss Seam.\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. 
If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nNote that the CVE-2012-3451 and CVE-2012-5633 issues only affected\nenvironments that have JBoss Web Services CXF installed.\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Application Platform 5.2.0 as provided from\nthe Red Hat Customer Portal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0256", "url": "https://access.redhat.com/errata/RHSA-2013:0256" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=5.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform\u0026downloadType=securityPatches\u0026version=5.2.0" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0256.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update", "tracking": { "current_release_date": "2024-11-05T17:58:18+00:00", "generator": { "date": "2024-11-05T17:58:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0256", "initial_release_date": "2013-02-13T18:51:00+00:00", "revision_history": [ { "date": 
"2013-02-13T18:51:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-13T18:50:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:58:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 5.2", "product": { "name": "Red Hat JBoss Enterprise Application Platform 5.2", "product_id": "Red Hat JBoss Enterprise Application Platform 5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:51:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0256" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which 
allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:51:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise Application Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0256" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Enterprise Application Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" } ] }
rhsa-2013_0258
Vulnerability from csaf_redhat
Published
2013-02-13 18:52
Modified
2024-11-05 17:58
Summary
Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
Notes
Topic
An update for JBoss Enterprise Web Platform 5.2.0 which fixes two security
issues is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The Enterprise Web Platform is a slimmed-down profile of the JBoss
Enterprise Application Platform intended for mid-size workloads with light
and rich Java applications.
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
Note that the CVE-2012-3451 and CVE-2012-5633 issues only affected
environments that have JBoss Web Services CXF installed.
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications
and configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red
Hat Customer Portal are advised to apply this update.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for JBoss Enterprise Web Platform 5.2.0 which fixes two security\nissues is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Enterprise Web Platform is a slimmed down profile of the JBoss\nEnterprise Application Platform intended for mid-size workloads with light\nand rich Java applications.\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. 
If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nNote that the CVE-2012-3451 and CVE-2012-5633 issues only affected\nenvironments that have JBoss Web Services CXF installed.\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications\nand configuration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 as provided from the Red\nHat Customer Portal are advised to apply this update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0258", "url": "https://access.redhat.com/errata/RHSA-2013:0258" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform\u0026downloadType=securityPatches\u0026version=5.2.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=enterpriseweb.platform\u0026downloadType=securityPatches\u0026version=5.2.0" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0258.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update", "tracking": { "current_release_date": "2024-11-05T17:58:26+00:00", "generator": { "date": "2024-11-05T17:58:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0258", "initial_release_date": "2013-02-13T18:52:00+00:00", "revision_history": [ { "date": 
"2013-02-13T18:52:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-13T19:00:56+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:58:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Platform 5.2", "product": { "name": "Red Hat JBoss Web Platform 5.2", "product_id": "Red Hat JBoss Web Platform 5.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:52:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0258" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": 
"apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Platform 5.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:52:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). 
Before applying the update, back up your\nexisting JBoss Enterprise Web Platform installation (including all\napplications and configuration files).\n\nThe JBoss server process must be restarted for this update to take effect.", "product_ids": [ "Red Hat JBoss Web Platform 5.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0258" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Red Hat JBoss Web Platform 5.2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" } ] }
rhsa-2013_0644
Vulnerability from csaf_redhat
Published
2013-03-13 18:45
Modified
2024-11-05 18:02
Summary
Red Hat Security Advisory: apache-cxf security update
Notes
Topic
An updated apache-cxf package for JBoss Enterprise Application Platform
6.0.1 which fixes two security issues is now available for Red Hat
Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Apache CXF is an open source services framework.
It was found that the Apache CXF UsernameTokenPolicyValidator and
UsernameTokenInterceptor allowed a UsernameToken element with no password
child element to bypass authentication. A remote attacker could use this
flaw to circumvent access controls applied to web services by omitting the
password in a UsernameToken. This flaw was exploitable on web services that
rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.
It was not exploitable when using hashed passwords or WS-Security without
WS-SecurityPolicy. (CVE-2013-0239)
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
Warning: Before applying this update, back up your existing JBoss
Enterprise Application Platform installation and deployed applications.
All users of JBoss Enterprise Application Platform 6.0.1 on Red Hat
Enterprise Linux 5 and 6 are advised to upgrade to this updated package.
The JBoss server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated apache-cxf package for JBoss Enterprise Application Platform\n6.0.1 which fixes two security issues is now available for Red Hat\nEnterprise Linux 5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Apache CXF is an open source services framework.\n\nIt was found that the Apache CXF UsernameTokenPolicyValidator and\nUsernameTokenInterceptor allowed a UsernameToken element with no password\nchild element to bypass authentication. A remote attacker could use this\nflaw to circumvent access controls applied to web services by omitting the\npassword in a UsernameToken. This flaw was exploitable on web services that\nrely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.\nIt was not exploitable when using hashed passwords or WS-Security without\nWS-SecurityPolicy. (CVE-2013-0239)\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. 
A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Application Platform installation and deployed applications.\n\nAll users of JBoss Enterprise Application Platform 6.0.1 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to this updated package.\nThe JBoss server process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0644", "url": "https://access.redhat.com/errata/RHSA-2013:0644" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0644.json" } ], "title": "Red Hat Security Advisory: apache-cxf security update", "tracking": { "current_release_date": "2024-11-05T18:02:57+00:00", "generator": { "date": "2024-11-05T18:02:57+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0644", "initial_release_date": "2013-03-13T18:45:00+00:00", "revision_history": [ { "date": "2013-03-13T18:45:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-03-13T18:49:09+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:02:57+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": 
"product_name", "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "product": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "product_id": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.4.9-6.redhat_3.ep6.el5?arch=src" } } }, { "category": "product_version", "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src", "product": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src", "product_id": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.4.9-6.redhat_3.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "product": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "product_id": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.4.9-6.redhat_3.ep6.el5?arch=noarch" } } }, { "category": "product_version", "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "product": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "product_id": 
"apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.4.9-6.redhat_3.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch" }, "product_reference": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server", "product_id": "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src" }, "product_reference": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "relates_to_product_reference": "5Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch" }, "product_reference": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server", "product_id": "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" }, "product_reference": "apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": 
"Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T18:45:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0644" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" }, { "cve": "CVE-2013-0239", "discovery_date": "2013-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "905722" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) 
listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0239" }, { "category": "external", "summary": "RHBZ#905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0239", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0239" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-13T18:45:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0644" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.noarch", "5Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el5.src", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.noarch", "6Server-JBEAP-6:apache-cxf-0:2.4.9-6.redhat_3.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate" } ] }
rhsa-2013_0649
Vulnerability from csaf_redhat
Published
2013-03-14 16:40
Modified
2024-11-05 18:03
Summary
Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update
Notes
Topic
Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and
various bugs, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration
platform.
This release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB
Enterprise 7.1.0 and includes bug fixes. Refer to the readme file included
with the patch files for information about the bug fixes.
The following security issues are also fixed with this release:
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
It was found that the Apache CXF UsernameTokenPolicyValidator and
UsernameTokenInterceptor allowed a UsernameToken element with no password
child element to bypass authentication. A remote attacker could use this
flaw to circumvent access controls applied to web services by omitting the
password in a UsernameToken. This flaw was exploitable on web services that
rely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.
It was not exploitable when using hashed passwords or WS-Security without
WS-SecurityPolicy. (CVE-2013-0239)
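Added example, not Apache CXF's or Red Hat's code, modelling the CVE-2013-0239 failure mode described here and in the apache-cxf advisory above: a constructed SOAP envelope carrying a plain text UsernameToken, a check that accepts a token whose Password child is absent, and a hardened check that requires a PasswordText password and compares it in constant time. The credential store, user names and envelope builder are assumptions made for the example.

```python
"""Model of CVE-2013-0239: a UsernameToken with no Password child accepted.

Added example, not Apache CXF code. The envelope, the credential store and
both validators are constructed for illustration.
"""
import hmac
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
PASSWORD_DIGEST = ("http://docs.oasis-open.org/wss/2004/01/"
                   "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")

# Constructed credential store; stands in for the callback handler a real
# deployment would consult. Hypothetical data, not from the advisory.
CREDENTIALS = {"alice": "correct horse"}


def build_envelope(username, password=None, password_type=PASSWORD_TEXT):
    """Return a constructed SOAP 1.1 envelope with a WS-Security UsernameToken.

    With password=None the wsse:Password child is omitted entirely, which is
    the request shape the advisory describes.
    """
    pw = ""
    if password is not None:
        pw = (f'<wsse:Password Type="{password_type}">'
              f"{escape(password)}</wsse:Password>")
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}">'
        f'<soap:Header><wsse:Security xmlns:wsse="{WSSE_NS}">'
        f"<wsse:UsernameToken><wsse:Username>{escape(username)}</wsse:Username>"
        f"{pw}</wsse:UsernameToken></wsse:Security></soap:Header>"
        f"<soap:Body/></soap:Envelope>"
    )


def parse_username_token(envelope_xml):
    """Return (username, password, password_type) for the first UsernameToken.

    password and password_type are None when the Password element is absent,
    so callers can tell "no element" apart from "empty element".
    """
    root = ET.fromstring(envelope_xml)
    token = root.find(f".//{{{WSSE_NS}}}UsernameToken")
    if token is None:
        raise ValueError("no wsse:UsernameToken in the Security header")
    username = token.findtext(f"{{{WSSE_NS}}}Username") or ""
    pw_el = token.find(f"{{{WSSE_NS}}}Password")
    if pw_el is None:
        return username, None, None
    return username, pw_el.text or "", pw_el.get("Type")


def vulnerable_validate(envelope_xml):
    """Model of the pre-fix behaviour the advisory describes (not CXF source).

    When the token has no Password child there is nothing to verify against
    the plain text UsernameToken policy, so the token is simply accepted.
    """
    username, password, _ = parse_username_token(envelope_xml)
    if password is None:
        return True  # the bypass: an omitted password is never checked
    return CREDENTIALS.get(username) == password


def hardened_validate(envelope_xml):
    """Plain text UsernameToken policy enforced properly.

    A Password element of type PasswordText is mandatory (a digest token
    belongs to a separate digest validator and is rejected here), the user
    must exist, and the comparison is constant-time.
    """
    username, password, password_type = parse_username_token(envelope_xml)
    if password is None or password_type != PASSWORD_TEXT:
        return False
    expected = CREDENTIALS.get(username)
    if expected is None:
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


if __name__ == "__main__":
    no_password = build_envelope("alice")
    print("vulnerable accepts token without Password:",
          vulnerable_validate(no_password))
    print("hardened accepts token without Password:",
          hardened_validate(no_password))
```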
A flaw was found in the way the Spring Security Framework
DaoAuthenticationProvider performed user authentication. A remote attacker
could possibly use this flaw to determine if a username was valid or not by
observing the time differences during attempted authentication. A caller to
an Apache Camel route could possibly use this flaw to perform a
side-channel timing attack to find valid usernames (but not their
passwords). (CVE-2012-5055)
All users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat
Customer Portal are advised to upgrade to Fuse ESB Enterprise 7.1.0 Patch 3.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Fuse ESB Enterprise 7.1.0 Patch 3, which fixes three security issues and\nvarious bugs, is now available from the Red Hat Customer Portal.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Fuse ESB Enterprise, based on Apache ServiceMix, provides an integration\nplatform.\n\nThis release of Fuse ESB Enterprise 7.1.0 Patch 3 is an update to Fuse ESB\nEnterprise 7.1.0 and includes bug fixes. Refer to the readme file included\nwith the patch files for information about the bug fixes.\n\nThe following security issues are also fixed with this release:\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. 
(CVE-2012-5633)\n\nIt was found that the Apache CXF UsernameTokenPolicyValidator and\nUsernameTokenInterceptor allowed a UsernameToken element with no password\nchild element to bypass authentication. A remote attacker could use this\nflaw to circumvent access controls applied to web services by omitting the\npassword in a UsernameToken. This flaw was exploitable on web services that\nrely on WS-SecurityPolicy plain text UsernameTokens to authenticate users.\nIt was not exploitable when using hashed passwords or WS-Security without\nWS-SecurityPolicy. (CVE-2013-0239)\n\nA flaw was found in the way the Spring Security Framework\nDaoAuthenticationProvider performed user authentication. A remote attacker\ncould possibly use this flaw to determine if a username was valid or not by\nobserving the time differences during attempted authentication. A caller to\nan Apache Camel route could possibly use this flaw to perform a\nside-channel timing attacking to find valid usernames (but not their\npasswords). (CVE-2012-5055)\n\nAll users of Fuse ESB Enterprise 7.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Fuse ESB Enterprise 7.1.0 Patch\n3.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0649", "url": "https://access.redhat.com/errata/RHSA-2013:0649" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=fuse.esb.enterprise\u0026downloadType=securityPatches\u0026version=7.1.0" }, { "category": "external", "summary": "http://cxf.apache.org/cve-2012-5633.html", "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "category": "external", "summary": "http://cxf.apache.org/cve-2013-0239.html", "url": "http://cxf.apache.org/cve-2013-0239.html" }, { "category": "external", "summary": "http://support.springsource.com/security/cve-2012-5055", "url": "http://support.springsource.com/security/cve-2012-5055" }, { "category": "external", "summary": "886031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886031" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0649.json" } ], 
"title": "Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update", "tracking": { "current_release_date": "2024-11-05T18:03:22+00:00", "generator": { "date": "2024-11-05T18:03:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0649", "initial_release_date": "2013-03-14T16:40:00+00:00", "revision_history": [ { "date": "2013-03-14T16:40:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-03-14T16:48:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T18:03:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Fuse ESB Enterprise 7.1.0", "product": { "name": "Fuse ESB Enterprise 7.1.0", "product_id": "Fuse ESB Enterprise 7.1.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:fuse_esb_enterprise:7.1.0" } } } ], "category": "product_family", "name": "Fuse Enterprise Middleware" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5055", "discovery_date": "2012-12-11T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "886031" } ], "notes": [ { "category": "description", "text": "DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of login requests.", "title": "Vulnerability description" }, { "category": "summary", "text": "Security: Ability to determine if username is valid via DaoAuthenticationProvider", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes 
to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5055" }, { "category": "external", "summary": "RHBZ#886031", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=886031" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5055", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5055" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5055", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5055" } ], "release_date": "2012-10-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-14T16:40:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0649" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "Security: Ability to determine if username is valid via DaoAuthenticationProvider" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain 
access to SOAP services via an HTTP GET request.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-14T16:40:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0649" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS 
endpoints when using WSS4JInInterceptor" }, { "cve": "CVE-2013-0239", "discovery_date": "2013-01-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "905722" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Fuse ESB Enterprise 7.1.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2013-0239" }, { "category": "external", "summary": "RHBZ#905722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=905722" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2013-0239", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0239" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-0239" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-03-14T16:40:00+00:00", "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).", "product_ids": [ "Fuse ESB Enterprise 7.1.0" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2013:0649" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "Fuse ESB Enterprise 7.1.0" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: UsernameTokenPolicyValidator and UsernameTokenInterceptor allow empty passwords to authenticate" } ] }
rhsa-2013_0259
Vulnerability from csaf_redhat
Published
2013-02-13 18:54
Modified
2024-11-05 17:58
Summary
Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
Notes
Topic
An updated apache-cxf package for JBoss Enterprise Web Platform 5.2.0 that
fixes two security issues is now available for Red Hat Enterprise Linux 4,
5, and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
Details
The Enterprise Web Platform is a slimmed down profile of the JBoss
Enterprise Application Platform intended for mid-size workloads with light
and rich Java applications.
If web services were deployed using Apache CXF with the WSS4JInInterceptor
enabled to apply WS-Security processing, HTTP GET requests to these
services were always granted access, without applying authentication
checks. The URIMappingInterceptor is a legacy mechanism for allowing
REST-like access (via GET requests) to simple SOAP services. A remote
attacker could use this flaw to access the REST-like interface of a simple
SOAP service using GET requests that bypass the security constraints
applied by WSS4JInInterceptor. This flaw was only exploitable if
WSS4JInInterceptor was used to apply WS-Security processing. Services that
use WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)
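A practical way to check whether this bypass was attempted against an unpatched deployment is to look for URI-mapped GET invocations in the HTTP access log. The following is an added example written for this page, not code from the advisory, from Red Hat or from Apache CXF. It assumes the request shape CXF's URIMappingInterceptor accepts (GET on the endpoint address followed by an operation name segment, with parameters in the query string); the endpoint list, the log format and the log lines are constructed for the example.

```python
"""Flag URI-mapped GET invocations of WS-Security-protected SOAP endpoints.

Added example for detection on access logs, not code from the advisory or from
Apache CXF. It assumes the URI-mapping request shape used by CXF's
URIMappingInterceptor: GET <endpoint>/<operation>?<param>=<value>.
The endpoint list, log lines and log format below are constructed.
"""
import re
from urllib.parse import urlsplit

# Constructed: endpoints configured with WSS4JInInterceptor, which must only
# be reached through a SOAP POST carrying a wsse:Security header.
WS_SECURITY_ENDPOINTS = {"/services/AccountService", "/services/PayrollService"}

# Common Log Format (constructed sample). Fields used: client, method, target, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = """\
10.0.0.5 - - [10/Feb/2013:14:02:11 +0000] "POST /services/AccountService HTTP/1.1" 200 812
10.0.0.5 - - [10/Feb/2013:14:02:19 +0000] "GET /services/AccountService?wsdl HTTP/1.1" 200 4410
203.0.113.9 - - [10/Feb/2013:14:03:02 +0000] "GET /services/AccountService/getBalance?accountId=4711 HTTP/1.1" 200 301
203.0.113.9 - - [10/Feb/2013:14:03:05 +0000] "GET /services/PayrollService/listSalaries HTTP/1.1" 200 9870
10.0.0.7 - - [10/Feb/2013:14:04:40 +0000] "GET /services/PublicCatalog/listItems HTTP/1.1" 200 120
10.0.0.7 - - [10/Feb/2013:14:05:01 +0000] "GET /services/AccountService/getBalance?accountId=1 HTTP/1.1" 500 77
"""


def classify(method, target):
    """Return (endpoint, operation) when the request is a URI-mapped GET
    invocation of a WS-Security endpoint, otherwise None."""
    if method != "GET":
        return None
    path = urlsplit(target).path.rstrip("/")
    for endpoint in WS_SECURITY_ENDPOINTS:
        if path == endpoint:
            # A GET on the endpoint address itself (e.g. ?wsdl) is WSDL or
            # service-page retrieval, not an operation call: do not flag it.
            return None
        if path.startswith(endpoint + "/"):
            operation = path[len(endpoint) + 1:].split("/", 1)[0]
            return endpoint, operation
    return None


def find_get_bypass_attempts(log_text):
    """Parse access-log lines and return one dict per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = classify(m.group("method"), m.group("target"))
        if hit is None:
            continue
        endpoint, operation = hit
        status = int(m.group("status"))
        hits.append({
            "client": m.group("client"),
            "endpoint": endpoint,
            "operation": operation,
            "status": status,
            # A 2xx answer means the service ran the operation: on an
            # unpatched CXF that is a completed bypass, since
            # WSS4JInInterceptor never processed the request.
            "likely_success": 200 <= status < 300,
        })
    return hits


if __name__ == "__main__":
    for h in find_get_bypass_attempts(SAMPLE_LOG):
        print(h)
```

Only hits against the listed WS-Security endpoints are reported; the GET on `/services/PublicCatalog/...` is ignored because that endpoint is not in the protected set, and the `?wsdl` retrieval is ignored because it carries no operation segment. Treat 2xx hits from unexpected clients as confirmed unauthenticated invocations and review the application logs for what those operations returned.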
It was found that Apache CXF was vulnerable to SOAPAction spoofing attacks
under certain conditions. If web services were exposed via Apache CXF that
use a unique SOAPAction for each service operation, then a remote attacker
could perform SOAPAction spoofing to call a forbidden operation if it
accepts the same parameters as an allowed operation. WS-Policy validation
was performed against the operation being invoked, and an attack must pass
validation to be successful. (CVE-2012-3451)
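The defence against SOAPAction spoofing is to refuse any request whose SOAPAction header names a different operation from the one the body actually invokes, and to make the authorization decision on the body's operation rather than on the header. The following is an added example written for this page, not code from the advisory or from Apache CXF. It assumes a document/literal service whose body wrapper element local name equals the operation name, and it uses a constructed action-to-operation map (in a real deployment this comes from the WSDL binding), a constructed permitted-operation set and constructed envelopes in the `urn:bank` namespace.

```python
"""Reject SOAP requests whose SOAPAction header disagrees with the body.

Added example, not code from the advisory or from Apache CXF. Assumes a
document/literal service where the body wrapper element's local name is the
operation name. ACTION_TO_OPERATION, ALLOWED_OPERATIONS, the namespace and
the envelopes are constructed for this example.
"""
import xml.etree.ElementTree as ET  # use defusedxml.ElementTree on untrusted input in production

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed: SOAPAction values the WSDL binds to each operation.
ACTION_TO_OPERATION = {
    "urn:bank:getBalance": "getBalance",
    "urn:bank:transfer": "transfer",
}
# Constructed: operations the caller's role may invoke.
ALLOWED_OPERATIONS = {"getBalance"}


def body_operation(envelope_xml):
    """Return the local name of the single element child of soap:Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find("{%s}Body" % SOAP_ENV)
    if body is None:
        raise ValueError("no soap:Body")
    children = list(body)
    if len(children) != 1:
        raise ValueError("expected exactly one body child, got %d" % len(children))
    tag = children[0].tag
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def normalize_action(header_value):
    """SOAPAction is normally sent quoted; strip quotes and whitespace."""
    if header_value is None:
        return ""
    return header_value.strip().strip('"')


def select_operation(soap_action, envelope_xml):
    """Choose the operation to dispatch, refusing header/body disagreement.

    The body is authoritative. Authorizing on the SOAPAction alone is what
    the spoofing attack exploits: a permitted action in the header, a
    forbidden operation with the same parameter shape in the body.
    """
    op_from_body = body_operation(envelope_xml)
    action = normalize_action(soap_action)
    op_from_action = ACTION_TO_OPERATION.get(action)
    if op_from_action is None:
        raise PermissionError("unknown SOAPAction %r" % action)
    if op_from_action != op_from_body:
        raise PermissionError(
            "SOAPAction %r names %s but body invokes %s"
            % (action, op_from_action, op_from_body))
    if op_from_body not in ALLOWED_OPERATIONS:
        raise PermissionError("operation %s not permitted" % op_from_body)
    return op_from_body


# Constructed request: transfer and getBalance take the same parameters, so
# a transfer body can be sent under the permitted getBalance action.
SPOOFED_ENVELOPE = """<?xml version="1.0"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:b="urn:bank">
  <soap:Body>
    <b:transfer><b:accountId>4711</b:accountId><b:amount>100</b:amount></b:transfer>
  </soap:Body>
</soap:Envelope>"""

HONEST_ENVELOPE = SPOOFED_ENVELOPE.replace("transfer", "getBalance")


if __name__ == "__main__":
    print(select_operation('"urn:bank:getBalance"', HONEST_ENVELOPE))
    try:
        select_operation('"urn:bank:getBalance"', SPOOFED_ENVELOPE)
    except PermissionError as e:
        print("rejected:", e)
```

The honest request dispatches to `getBalance`; the spoofed one is rejected at the consistency check before any authorization or WS-Policy validation runs, and a correctly labelled `transfer` is rejected by the permission check. Note the ordering: mismatch detection comes first, so an attacker gains nothing from choosing whichever of the two names passes policy.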
Note that the CVE-2012-3451 and CVE-2012-5633 issues only affected
environments that have JBoss Web Services CXF installed.
Red Hat would like to thank the Apache CXF project for reporting
CVE-2012-3451.
Warning: Before applying this update, back up your existing JBoss
Enterprise Web Platform installation (including all applications and
configuration files).
All users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise
Linux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss
server process must be restarted for the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated apache-cxf package for JBoss Enterprise Web Platform 5.2.0 that\nfixes two security issues is now available for Red Hat Enterprise Linux 4,\n5, and 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "The Enterprise Web Platform is a slimmed down profile of the JBoss\nEnterprise Application Platform intended for mid-size workloads with light\nand rich Java applications.\n\nIf web services were deployed using Apache CXF with the WSS4JInInterceptor\nenabled to apply WS-Security processing, HTTP GET requests to these\nservices were always granted access, without applying authentication\nchecks. The URIMappingInterceptor is a legacy mechanism for allowing\nREST-like access (via GET requests) to simple SOAP services. A remote\nattacker could use this flaw to access the REST-like interface of a simple\nSOAP service using GET requests that bypass the security constraints\napplied by WSS4JInInterceptor. This flaw was only exploitable if\nWSS4JInInterceptor was used to apply WS-Security processing. Services that\nuse WS-SecurityPolicy to apply security were not affected. (CVE-2012-5633)\n\nIt was found that Apache CXF was vulnerable to SOAPAction spoofing attacks\nunder certain conditions. 
If web services were exposed via Apache CXF that\nuse a unique SOAPAction for each service operation, then a remote attacker\ncould perform SOAPAction spoofing to call a forbidden operation if it\naccepts the same parameters as an allowed operation. WS-Policy validation\nwas performed against the operation being invoked, and an attack must pass\nvalidation to be successful. (CVE-2012-3451)\n\nNote that the CVE-2012-3451 and CVE-2012-5633 issues only affected\nenvironments that have JBoss Web Services CXF installed.\n\nRed Hat would like to thank the Apache CXF project for reporting\nCVE-2012-3451.\n\nWarning: Before applying this update, back up your existing JBoss\nEnterprise Web Platform installation (including all applications and\nconfiguration files).\n\nAll users of JBoss Enterprise Web Platform 5.2.0 on Red Hat Enterprise\nLinux 4, 5, and 6 are advised to upgrade to this updated package. The JBoss\nserver process must be restarted for the update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2013:0259", "url": "https://access.redhat.com/errata/RHSA-2013:0259" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "http://cxf.apache.org/security-advisories.html", "url": "http://cxf.apache.org/security-advisories.html" }, { "category": "external", "summary": "851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0259.json" } ], "title": "Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update", "tracking": { "current_release_date": "2024-11-05T17:58:31+00:00", "generator": { "date": "2024-11-05T17:58:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2013:0259", "initial_release_date": "2013-02-13T18:54:00+00:00", "revision_history": [ { "date": "2013-02-13T18:54:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-02-13T19:00:47+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T17:58:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { 
"category": "product_name", "name": "Red Hat JBoss Web Platform 5 for RHEL 4 AS", "product": { "name": "Red Hat JBoss Web Platform 5 for RHEL 4 AS", "product_id": "4AS-JBEWP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Platform 5 for RHEL 4 ES", "product": { "name": "Red Hat JBoss Web Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEWP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el4" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Platform 5 for RHEL 5 Server", "product": { "name": "Red Hat JBoss Web Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEWP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el5" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Platform 5 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Web Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEWP-5", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_platform:5::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Platform" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el4?arch=src" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el5?arch=src" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product": 
{ "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el4?arch=noarch" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el5?arch=noarch" } } }, { "category": "product_version", "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product_id": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/apache-cxf@2.2.12-10.patch_06.ep5.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", "product_id": "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "relates_to_product_reference": "4AS-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 AS", 
"product_id": "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "relates_to_product_reference": "4AS-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "relates_to_product_reference": "4ES-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src as a component of Red Hat JBoss Web Platform 5 for RHEL 4 ES", "product_id": "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "relates_to_product_reference": "4ES-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "relates_to_product_reference": "5Server-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src as a component of Red Hat JBoss Web Platform 5 for RHEL 5 Server", "product_id": "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "relates_to_product_reference": "5Server-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch" }, "product_reference": 
"apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "relates_to_product_reference": "6Server-JBEWP-5" }, { "category": "default_component_of", "full_product_name": { "name": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src as a component of Red Hat JBoss Web Platform 5 for RHEL 6 Server", "product_id": "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" }, "product_reference": "apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src", "relates_to_product_reference": "6Server-JBEWP-5" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Apache CXF project" ] } ], "cve": "CVE-2012-3451", "discovery_date": "2012-08-25T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "851896" } ], "notes": [ { "category": "description", "text": "Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: SOAPAction spoofing on document literal web services", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", 
"6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "known_not_affected": [ "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-3451" }, { "category": "external", "summary": "RHBZ#851896", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=851896" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3451", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3451" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3451" } ], "release_date": "2012-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:54:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0259" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-cxf: SOAPAction spoofing on document literal web services" }, { "cve": "CVE-2012-5633", "discovery_date": "2012-12-20T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "889008" } ], "notes": [ { "category": "description", "text": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", 
"title": "Vulnerability description" }, { "category": "summary", "text": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "known_not_affected": [ "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4AS-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.noarch", "4ES-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el4.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5633" }, { "category": "external", "summary": "RHBZ#889008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=889008" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-5633", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5633" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" } ], "release_date": "2013-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2013-02-13T18:54:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2013:0259" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "products": [ "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.noarch", "5Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el5.src", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.noarch", "6Server-JBEWP-5:apache-cxf-0:2.2.12-10.patch_06.ep5.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor" } ] }
gsd-2012-5633
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
Aliases
{ "GSD": { "alias": "CVE-2012-5633", "description": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "id": "GSD-2012-5633", "references": [ "https://access.redhat.com/errata/RHSA-2013:0749", "https://access.redhat.com/errata/RHSA-2013:0743", "https://access.redhat.com/errata/RHSA-2013:0726", "https://access.redhat.com/errata/RHSA-2013:0649", "https://access.redhat.com/errata/RHSA-2013:0645", "https://access.redhat.com/errata/RHSA-2013:0644", "https://access.redhat.com/errata/RHSA-2013:0259", "https://access.redhat.com/errata/RHSA-2013:0258", "https://access.redhat.com/errata/RHSA-2013:0257", "https://access.redhat.com/errata/RHSA-2013:0256" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2012-5633" ], "details": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "id": "GSD-2012-5633", "modified": "2023-12-13T01:20:19.224712Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5633", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_affected": "=", "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when 
using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "url": 
"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "http://cxf.apache.org/cve-2012-5633.html", "refsource": "MISC", "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "name": "http://osvdb.org/90079", "refsource": "MISC", "url": "http://osvdb.org/90079" }, { "name": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0256.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0257.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0258.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0259.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0726.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0743.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "name": "http://rhn.redhat.com/errata/RHSA-2013-0749.html", "refsource": "MISC", "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" }, { "name": "http://seclists.org/fulldisclosure/2013/Feb/39", "refsource": "MISC", "url": "http://seclists.org/fulldisclosure/2013/Feb/39" }, { "name": "http://secunia.com/advisories/51988", "refsource": "MISC", "url": "http://secunia.com/advisories/51988" }, { "name": "http://secunia.com/advisories/52183", "refsource": "MISC", "url": "http://secunia.com/advisories/52183" }, { "name": 
"http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests", "refsource": "MISC", "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698", "refsource": "MISC", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698" }, { "name": "http://www.securityfocus.com/bid/57874", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/57874" }, { "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" }, { "name": "https://issues.apache.org/jira/browse/CXF-4629", "refsource": "MISC", "url": "https://issues.apache.org/jira/browse/CXF-4629" }, { "name": "https://issues.jboss.org/browse/JBWS-3575", "refsource": "MISC", "url": "https://issues.jboss.org/browse/JBWS-3575" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "[2.5-alpha0,2.5.7],[2.6-alpha0,2.6.4],[2.7-alpha0,2.7.1]", "affected_versions": "All versions starting from 2.5-alpha0 up to 2.5.7, all versions starting from 2.6-alpha0 up to 2.6.4, all versions starting from 2.7-alpha0 up to 2.7.1", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cwe_ids": [ "CWE-1035", "CWE-287", "CWE-937" ], "date": "2017-08-28", "description": "The `URIMappingInterceptor` in this package bypasses `WS-Security` processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "fixed_versions": [ "2.5.8", "2.6.5", "2.7.2" ], "identifier": "CVE-2012-5633", "identifiers": [ "CVE-2012-5633" ], "package_slug": "maven/org.apache.cxf/cxf-rt-ws-security", "pubdate": "2013-03-12", "solution": "There is no solution for 
this vulnerability at the moment.", "title": "Bypass of security constraints on WS endpoints when using WSS4JInInterceptor", "urls": [ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5633", "https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720" ], "uuid": "3c6388b5-5e00-4aef-a31a-51e4a808dc55" }, { "affected_range": "(,2.5.8),[2.6.0,2.6.5),[2.7.0,2.7.2)", "affected_versions": "All versions before 2.5.8, all versions starting from 2.6.0 before 2.6.5, all versions starting from 2.7.0 before 2.7.2", "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "cwe_ids": [ "CWE-1035", "CWE-287", "CWE-937" ], "date": "2022-07-13", "description": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "fixed_versions": [ "2.5.8", "2.6.5", "2.7.2" ], "identifier": "CVE-2012-5633", "identifiers": [ "GHSA-xf9f-32gh-h2w4", "CVE-2012-5633" ], "not_impacted": "All versions starting from 2.5.8 before 2.6.0, all versions starting from 2.6.5 before 2.7.0, all versions starting from 2.7.2", "package_slug": "maven/org.apache.cxf/cxf", "pubdate": "2022-05-13", "solution": "Upgrade to versions 2.5.8, 2.6.5, 2.7.2 or above.", "title": "Improper Authentication", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2012-5633", "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980", "https://issues.apache.org/jira/browse/CXF-4629", "https://issues.jboss.org/browse/JBWS-3575", "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E", "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E", "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E", 
"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E", "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E", "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E", "http://cxf.apache.org/cve-2012-5633.html", "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html", "http://rhn.redhat.com/errata/RHSA-2013-0256.html", "http://rhn.redhat.com/errata/RHSA-2013-0257.html", "http://rhn.redhat.com/errata/RHSA-2013-0258.html", "http://rhn.redhat.com/errata/RHSA-2013-0259.html", "http://rhn.redhat.com/errata/RHSA-2013-0726.html", "http://rhn.redhat.com/errata/RHSA-2013-0743.html", "http://rhn.redhat.com/errata/RHSA-2013-0749.html", "http://seclists.org/fulldisclosure/2013/Feb/39", "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests", "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324", "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698", "https://github.com/advisories/GHSA-xf9f-32gh-h2w4" ], "uuid": "e3c45300-b47b-42b7-82d6-63c1bc9d56a5" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.5.7", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5633" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-287" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2013:0259", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "name": "51988", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51988" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698", "refsource": "CONFIRM", "tags": [], "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698" }, { "name": "https://issues.jboss.org/browse/JBWS-3575", "refsource": "MISC", "tags": [], "url": "https://issues.jboss.org/browse/JBWS-3575" }, { "name": "52183", "refsource": "SECUNIA", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52183" }, { "name": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests", "refsource": "MISC", "tags": [], "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" }, { "name": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" }, { "name": "RHSA-2013:0256", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "name": "90079", "refsource": "OSVDB", "tags": [], "url": "http://osvdb.org/90079" }, { "name": "20130208 New security advisories for Apache CXF", "refsource": "FULLDISC", "tags": [], "url": "http://seclists.org/fulldisclosure/2013/Feb/39" }, { "name": "57874", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/57874" }, { "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324", "refsource": "CONFIRM", "tags": [], "url": 
"http://svn.apache.org/viewvc?view=revision\u0026revision=1409324" }, { "name": "RHSA-2013:0258", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "name": "https://issues.apache.org/jira/browse/CXF-4629", "refsource": "CONFIRM", "tags": [], "url": "https://issues.apache.org/jira/browse/CXF-4629" }, { "name": "RHSA-2013:0257", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "name": "http://cxf.apache.org/cve-2012-5633.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "name": "RHSA-2013:0726", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "name": "RHSA-2013:0743", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "name": "RHSA-2013:0749", "refsource": "REDHAT", "tags": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" }, { "name": "apachecxf-wssecurity-security-bypass(81980)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" }, { "name": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": 
"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "name": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E", "refsource": "MISC", "tags": [], "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2023-02-13T00:26Z", "publishedDate": "2013-03-12T23:55Z" } } }
ghsa-xf9f-32gh-h2w4
Vulnerability from github
Published
2022-05-13 01:09
Modified
2023-12-21 21:02
Summary
Improper Authentication in Apache CXF
Details
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.cxf:cxf" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.5.8" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.cxf:cxf" }, "ranges": [ { "events": [ { "introduced": "2.6.0" }, { "fixed": "2.6.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.apache.cxf:cxf" }, "ranges": [ { "events": [ { "introduced": "2.7.0" }, { "fixed": "2.7.2" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2012-5633" ], "database_specific": { "cwe_ids": [ "CWE-287" ], "github_reviewed": true, "github_reviewed_at": "2022-07-13T14:04:46Z", "nvd_published_at": "2013-03-12T23:55:00Z", "severity": "MODERATE" }, "details": "The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.", "id": "GHSA-xf9f-32gh-h2w4", "modified": "2023-12-21T21:02:30Z", "published": "2022-05-13T01:09:21Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5633" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/0cbc56618b6048847debe670d54919e227744401" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/1a6b532d53a7b98018871982049e4b0c80dc837c" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/94a98b3fe9c79e2cf3941acbbad216ba54999bc0" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/d99f96aa970d9f2faa8ed45e278a403af48757ae" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/e0cdf873942b4d3fbc253e8ce6bb6fce3898019d" }, { "type": "WEB", "url": "https://github.com/apache/cxf/commit/e733c692e933a7f82424d3744aace9304cd5d4f6" }, { "type": "WEB", "url": 
"https://web.archive.org/web/20130216044418/http://www.securityfocus.com:80/bid/57874" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E" }, { "type": "WEB", "url": 
"https://issues.jboss.org/browse/JBWS-3575" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/CXF-4629" }, { "type": "WEB", "url": "https://github.com/apache/cxf" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81980" }, { "type": "WEB", "url": "http://cxf.apache.org/cve-2012-5633.html" }, { "type": "WEB", "url": "http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0256.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0257.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0258.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0259.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0743.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2013-0749.html" }, { "type": "WEB", "url": "http://seclists.org/fulldisclosure/2013/Feb/39" }, { "type": "WEB", "url": "http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1409324" }, { "type": "WEB", "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1420698" } ], "schema_version": "1.4.0", "severity": [], "summary": "Improper Authentication in Apache CXF" }