What is CVE-2012-5351?

CVE-2012-5351 is a vulnerability in Apache Axis2, classified under Improper Authentication. Published 2012-10-09.

Is CVE-2012-5351 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Apache Axis2

CVE-2012-5351

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.

Vulnerability class: Broken Authentication

EPSS: 0.003 (54.5th percentile) — read the EPSS interpretation.

Affected products

Apache Axis2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

apache-axis2-saml-sec-bypass(79487) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2012-5351?: CVE-2012-5351 is a vulnerability in Apache Axis2, classified under Improper Authentication. Published 2012-10-09.
Is CVE-2012-5351 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.