Lucene search
GitHub Advisory DatabaseGHSA-66RX-GQX3-P98MHistoryMay 13, 2022 - 1:01 a.m.
Improper Authentication in Apache Axis2
2022-05-1301:01:04
CWE-287
GitHub Advisory Database
github.com
26
apache axis2
saml assertion
authentication
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.004
Percentile
72.3%
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a “Signature exclusion attack,” a different vulnerability than CVE-2012-4418.
Affected configurations
Node
org.apache.axis2axis2Range<1.6.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.apache.axis2 | axis2 | * | cpe:2.3:a:org.apache.axis2:axis2:*:*:*:*:*:*:*:* |
Related
prion
prion
Authentication flaw
2012-10-09 23:55:00
Authentication flaw
2012-10-09 23:55:00
osv
osv
Improper Authentication in Apache Axis2
2022-05-13 01:01:04
Apache Axis2 Vulnerable to XML Signature wrapping attack
2022-05-17 05:16:12
nvd
nvd
CVE-2012-5351
2012-10-09 23:55:05
CVE-2012-4418
2012-10-09 23:55:05
cvelist
cvelist
CVE-2012-5351
2012-10-09 23:00:00
CVE-2012-4418
2012-10-09 23:00:00
cve
cve
CVE-2012-5351
2012-10-09 23:55:05
CVE-2012-4418
2012-10-09 23:55:05
openvas
openvas
Apache Axis2 <= 1.6.2 Multiple Vulnerabilities
2015-03-17 00:00:00
github
github
Apache Axis2 Vulnerable to XML Signature wrapping attack
2022-05-17 05:16:12
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
EPSS
0.004
Percentile
72.3%
Related for GHSA-66RX-GQX3-P98M