Vulnerability details: VCID-n8bd-use6-pbb2
Vulnerability ID VCID-n8bd-use6-pbb2
Aliases CVE-2012-3451
GHSA-55j7-f5wf-43m4
Summary Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (3)
System Score Found at
generic_textual HIGH http://cxf.apache.org/cve-2012-3451.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2012-1591.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2012-1592.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2012-1594.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0256.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0257.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0258.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0259.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0726.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2013-0743.html
epss 0.09969 https://api.first.org/data/v1/epss?cve=CVE-2012-3451
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=851896
generic_textual HIGH https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-55j7-f5wf-43m4
generic_textual HIGH https://github.com/apache/cxf
generic_textual HIGH https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897
generic_textual HIGH https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a
generic_textual HIGH https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554
generic_textual HIGH https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5
generic_textual HIGH https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2012-3451
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2012-3451
generic_textual HIGH http://svn.apache.org/viewvc?view=revision&revision=1368559
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2012-1591.html
http://rhn.redhat.com/errata/RHSA-2012-1592.html
http://rhn.redhat.com/errata/RHSA-2012-1594.html
http://rhn.redhat.com/errata/RHSA-2013-0256.html
http://rhn.redhat.com/errata/RHSA-2013-0257.html
http://rhn.redhat.com/errata/RHSA-2013-0258.html
http://rhn.redhat.com/errata/RHSA-2013-0259.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0743.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3451.json
https://api.first.org/data/v1/epss?cve=CVE-2012-3451
https://bugzilla.redhat.com/show_bug.cgi?id=851896
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451
http://secunia.com/advisories/51607
http://secunia.com/advisories/52183
https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
https://github.com/apache/cxf
https://github.com/apache/cxf/commit/7230648f96573820d5bfa82c92c637391b448897
https://github.com/apache/cxf/commit/878fe37f0b09888a42005fedc725ce497b5a694a
https://github.com/apache/cxf/commit/9c70abe28fbf2b4c4df0b93ed12295ea5a012554
https://github.com/apache/cxf/commit/deeeaa95a861b355068ca6febc7aa02a4a8c51e5
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://svn.apache.org/viewvc?view=revision&revision=1368559
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
CVE-2012-3451 https://nvd.nist.gov/vuln/detail/CVE-2012-3451
CVE-2012-3451.HTML http://cxf.apache.org/cve-2012-3451.html
GHSA-55j7-f5wf-43m4 https://github.com/advisories/GHSA-55j7-f5wf-43m4
RHSA-2012:1591 https://access.redhat.com/errata/RHSA-2012:1591
RHSA-2012:1592 https://access.redhat.com/errata/RHSA-2012:1592
RHSA-2012:1594 https://access.redhat.com/errata/RHSA-2012:1594
RHSA-2013:0256 https://access.redhat.com/errata/RHSA-2013:0256
RHSA-2013:0257 https://access.redhat.com/errata/RHSA-2013:0257
RHSA-2013:0258 https://access.redhat.com/errata/RHSA-2013:0258
RHSA-2013:0259 https://access.redhat.com/errata/RHSA-2013:0259
RHSA-2013:0726 https://access.redhat.com/errata/RHSA-2013:0726
RHSA-2013:0743 https://access.redhat.com/errata/RHSA-2013:0743
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-3451
Metric Value
Exploitability (E) not present in the vector
Access Vector (AV) network
Access Complexity (AC) medium
Authentication (Au) none
Confidentiality Impact (C) none
Integrity Impact (I) partial
Availability Impact (A) none

Exploit Prediction Scoring System (EPSS)
Percentile 0.93012
EPSS Score 0.09969
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:16.899676+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0