CVE-2012-5633
Improper Authentication in Apache CXF
EPSS 1.8%
Description
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
How to fix CVE-2012-5633
To remediate CVE-2012-5633, upgrade the affected package to a fixed version below.
- Maven/org.apache.cxf:cxf—upgrade to 2.5.8 or later
Is CVE-2012-5633 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.5.8