Home Packages KEV Critical Insights Jobs Pricing

Loading…

Data from OSV.dev, CISA KEV, and FIRST EPSS.Sync status GitHub

CVE-2012-4418 — Apache Axis2 Vulnerable to XML Signature wrapping attack · VulnScope

CVE-2012-4418

Apache Axis2 Vulnerable to XML Signature wrapping attack

EPSS 0.33%

Description

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

How to fix CVE-2012-4418

To remediate CVE-2012-4418, upgrade the affected package to a fixed version below.

Maven/org.apache.axis2:axis2—upgrade to 1.7.9 or later

Is CVE-2012-4418 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.7.9

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-4418
PATCHgithub.com/apache/axis-axis2-java-core
WEBbugzilla.redhat.com/show_bug.cgi?id=856755
WEBissues.apache.org/jira/browse/AXIS2-5930
WEB

Metadata

Published: 5/17/2022
Modified: 12/4/2024

Also known as:

GHSA-88r4-38gc-97p4ghsa

issues.apache.org

/jira/browse/AXIS2C-1694

WEBweb.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508

WEBwww.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

WEBwww.openwall.com/lists/oss-security/2012/09/12/1

WEBwww.openwall.com/lists/oss-security/2012/09/13/1

Maven/org.apache.axis2:axis2