Vulnerability in Apache CXF
CVE-2012-5575
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remot…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.095 (93.0th percentile)
Affected products
- Apache CXF — versions 2.5.0, 2.5.1, 2.5.2
- Red Hat JBoss Enterprise Application Platform — versions 5.0.0
- Red Hat JBoss Enterprise Portal Platform — versions 4.3.0
- Red Hat JBoss Enterprise SOA Platform — versions 4.3.0
- Red Hat JBoss Enterprise Web Platform — versions 5.2.0
- Red Hat JBoss Fuse ESB Enterprise — versions 7.1.0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- RHSA-2013:0943 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- RHSA-2013:0839 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:0875 (x_refsource_REDHAT, vendor-advisory)
- 60043 (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_MISC)
- RHSA-2013:0833 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:1437 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2013:1143 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2012-5575?
- CVE-2012-5575 is a vulnerability in Apache CXF, classified under Cryptographic Issues. Published 2013-08-19.
- Is CVE-2012-5575 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.