Auth bypass in Apache Axis2

CVE-2012-4418

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerability class: Broken Authentication

EPSS: 0.003 (56.1th percentile) — read the EPSS interpretation.

Affected products

Apache Axis2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

[oss-security] 20120912 Re: CVE Request: Apache Axis2 XML Signature Wrapping Attack (mailing-list, x_refsource_MLIST)
[oss-security] 20120912 CVE Request: Apache Axis2 XML Signature Wrapping Attack (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (Exploit, x_refsource_MISC)
55508 (vdb-entry, x_refsource_BID)