REDHAT-BUG-851896
First published: Mon Aug 27 2012(Updated: )
Apache CXF is vulnerable to SOAPAction spoofing attacks under certain conditions. If web services are exposed via Apache CXF that use a unique SOAPAction for each service operation, then a remote attacker could perform SOAPAction spoofing to call a forbidden operation if it accepts the same parameters as an allowed operation. WS-Policy validation is performed against the operation being invoked, and an attack must pass validation to be successful.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CXF |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://cxf.apache.org/cve-2012-3451.html
- http://svn.apache.org/viewvc?view=revision&revision=1368559
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=858781
- https://rhn.redhat.com/errata/RHSA-2012-1591.html
- https://rhn.redhat.com/errata/RHSA-2012-1592.html
- https://rhn.redhat.com/errata/RHSA-2012-1594.html
- https://rhn.redhat.com/errata/RHSA-2013-0256.html
- https://rhn.redhat.com/errata/RHSA-2013-0259.html
- https://rhn.redhat.com/errata/RHSA-2013-0258.html
- https://rhn.redhat.com/errata/RHSA-2013-0257.html
- https://rhn.redhat.com/errata/RHSA-2013-0726.html
- https://rhn.redhat.com/errata/RHSA-2013-0743.html
- https://bugzilla.redhat.com/show_bug.cgi?id=851896
- collector/redhat-bugzilla
- alias/CVE-2012-3451
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- agent/references
- agent/severity
- agent/tags
- agent/softwarecombine
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache cxf