Vulnerability details: VCID-q4ee-7vdy-sqej
Vulnerability ID VCID-q4ee-7vdy-sqej
Aliases CVE-2012-5575
GHSA-7v5v-9v8r-w864
Summary Inadequate Encryption Strength in Apache CXF. Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."
Status Published
Exploitability None
Weighted Severity None
Risk None
Weaknesses (5)
System Score Found at
generic_textual MODERATE http://cxf.apache.org/cve-2012-5575.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0833.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0834.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0839.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0873.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0874.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0875.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0876.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0943.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1028.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1143.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
epss 0.09505 https://api.first.org/data/v1/epss?cve=CVE-2012-5575
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=880443
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7v5v-9v8r-w864
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2012-5575
generic_textual MODERATE http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility
generic_textual MODERATE http://www.securityfocus.com/bid/60043
Reference id Reference type URL
http://cxf.apache.org/cve-2012-5575.html
http://rhn.redhat.com/errata/RHSA-2013-0833.html
http://rhn.redhat.com/errata/RHSA-2013-0834.html
http://rhn.redhat.com/errata/RHSA-2013-0839.html
http://rhn.redhat.com/errata/RHSA-2013-0873.html
http://rhn.redhat.com/errata/RHSA-2013-0874.html
http://rhn.redhat.com/errata/RHSA-2013-0875.html
http://rhn.redhat.com/errata/RHSA-2013-0876.html
http://rhn.redhat.com/errata/RHSA-2013-0943.html
http://rhn.redhat.com/errata/RHSA-2013-1028.html
http://rhn.redhat.com/errata/RHSA-2013-1143.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5575.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5575
https://bugzilla.redhat.com/show_bug.cgi?id=880443
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2012-5575
http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility
http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/
http://www.securityfocus.com/bid/60043
GHSA-7v5v-9v8r-w864 https://github.com/advisories/GHSA-7v5v-9v8r-w864
RHSA-2013:0833 https://access.redhat.com/errata/RHSA-2013:0833
RHSA-2013:0834 https://access.redhat.com/errata/RHSA-2013:0834
RHSA-2013:0839 https://access.redhat.com/errata/RHSA-2013:0839
RHSA-2013:0873 https://access.redhat.com/errata/RHSA-2013:0873
RHSA-2013:0874 https://access.redhat.com/errata/RHSA-2013:0874
RHSA-2013:0875 https://access.redhat.com/errata/RHSA-2013:0875
RHSA-2013:0876 https://access.redhat.com/errata/RHSA-2013:0876
RHSA-2013:0943 https://access.redhat.com/errata/RHSA-2013:0943
RHSA-2013:1006 https://access.redhat.com/errata/RHSA-2013:1006
RHSA-2013:1028 https://access.redhat.com/errata/RHSA-2013:1028
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.92965
EPSS Score 0.09505
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:39:43.943441+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7v5v-9v8r-w864/GHSA-7v5v-9v8r-w864.json 38.6.0