Lucene search

PRIOn knowledge basePRION:CVE-2012-3451

HistorySep 24, 2012 - 5:55 p.m.

Spoofing

2012-09-2417:55:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.7%

JSON

Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

CPENameOperatorVersion
cxflt2.4.9
cxfge2.5.0
cxflt2.5.5
cxfge2.6.0
cxflt2.6.2

Name	Operator	Version
cxf	lt	2.4.9
cxf	ge	2.5.0
cxf	lt	2.5.5
cxf	ge	2.6.0
cxf	lt	2.6.2

References

cxf.apache.org/cve-2012-3451.html

rhn.redhat.com/errata/RHSA-2012-1591.html

rhn.redhat.com/errata/RHSA-2012-1592.html

rhn.redhat.com/errata/RHSA-2012-1594.html

rhn.redhat.com/errata/RHSA-2013-0256.html

rhn.redhat.com/errata/RHSA-2013-0257.html

rhn.redhat.com/errata/RHSA-2013-0258.html

rhn.redhat.com/errata/RHSA-2013-0259.html

rhn.redhat.com/errata/RHSA-2013-0726.html

rhn.redhat.com/errata/RHSA-2013-0743.html

secunia.com/advisories/51607

secunia.com/advisories/52183

svn.apache.org/viewvc?view=revision&revision=1368559

bugzilla.redhat.com/show_bug.cgi?id=851896

exchange.xforce.ibmcloud.com/vulnerabilities/78734

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E