Search for vulnerabilities
Vulnerability details: VCID-bd4x-va5p-aaar
Vulnerability ID VCID-bd4x-va5p-aaar
Aliases CVE-2012-5633
GHSA-xf9f-32gh-h2w4
Summary Bypass of security constraints on WS endpoints when using WSS4JInInterceptor The `URIMappingInterceptor` in this package bypasses `WS-Security` processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0256.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0257.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0258.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0259.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0726.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0743.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-0749.html
rhas Important https://access.redhat.com/errata/RHSA-2013:0256
rhas Important https://access.redhat.com/errata/RHSA-2013:0257
rhas Important https://access.redhat.com/errata/RHSA-2013:0258
rhas Important https://access.redhat.com/errata/RHSA-2013:0259
rhas Important https://access.redhat.com/errata/RHSA-2013:0644
rhas Important https://access.redhat.com/errata/RHSA-2013:0645
rhas Important https://access.redhat.com/errata/RHSA-2013:0649
rhas Important https://access.redhat.com/errata/RHSA-2013:0726
rhas Important https://access.redhat.com/errata/RHSA-2013:0743
rhas Important https://access.redhat.com/errata/RHSA-2013:0749
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00236 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.00278 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0411 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.0463 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
epss 0.05675 https://api.first.org/data/v1/epss?cve=CVE-2012-5633
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=889008
generic_textual MODERATE http://seclists.org/fulldisclosure/2013/Feb/39
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xf9f-32gh-h2w4
cvssv3.1 3.7 https://github.com/apache/cxf
generic_textual LOW https://github.com/apache/cxf
generic_textual MODERATE https://github.com/apache/cxf/commit/0cbc56618b6048847debe670d54919e227744401
generic_textual MODERATE https://github.com/apache/cxf/commit/1a6b532d53a7b98018871982049e4b0c80dc837c
generic_textual MODERATE https://github.com/apache/cxf/commit/94a98b3fe9c79e2cf3941acbbad216ba54999bc0
generic_textual MODERATE https://github.com/apache/cxf/commit/d99f96aa970d9f2faa8ed45e278a403af48757ae
generic_textual MODERATE https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720
generic_textual MODERATE https://github.com/apache/cxf/commit/e0cdf873942b4d3fbc253e8ce6bb6fce3898019d
generic_textual MODERATE https://github.com/apache/cxf/commit/e733c692e933a7f82424d3744aace9304cd5d4f6
generic_textual MODERATE https://issues.apache.org/jira/browse/CXF-4629
generic_textual MODERATE https://issues.jboss.org/browse/JBWS-3575
cvssv3.1 6.1 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
generic_textual CRITICAL https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 5.3 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 7.5 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
cvssv3.1 6.1 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
cvssv3.1 9.8 https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2012-5633
generic_textual MODERATE http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1409324
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1420698
generic_textual MODERATE https://web.archive.org/web/20130216044418/http://www.securityfocus.com:80/bid/57874
Reference id Reference type URL
http://osvdb.org/90079
http://packetstormsecurity.com/files/120213/Apache-CXF-WS-Security-URIMappingInterceptor-Bypass.html
http://rhn.redhat.com/errata/RHSA-2013-0256.html
http://rhn.redhat.com/errata/RHSA-2013-0257.html
http://rhn.redhat.com/errata/RHSA-2013-0258.html
http://rhn.redhat.com/errata/RHSA-2013-0259.html
http://rhn.redhat.com/errata/RHSA-2013-0726.html
http://rhn.redhat.com/errata/RHSA-2013-0743.html
http://rhn.redhat.com/errata/RHSA-2013-0749.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5633.json
https://api.first.org/data/v1/epss?cve=CVE-2012-5633
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5633
http://seclists.org/fulldisclosure/2013/Feb/39
http://secunia.com/advisories/51988
http://secunia.com/advisories/52183
https://exchange.xforce.ibmcloud.com/vulnerabilities/81980
https://github.com/apache/cxf
https://github.com/apache/cxf/commit/0cbc56618b6048847debe670d54919e227744401
https://github.com/apache/cxf/commit/1a6b532d53a7b98018871982049e4b0c80dc837c
https://github.com/apache/cxf/commit/94a98b3fe9c79e2cf3941acbbad216ba54999bc0
https://github.com/apache/cxf/commit/d99f96aa970d9f2faa8ed45e278a403af48757ae
https://github.com/apache/cxf/commit/db11c9115f31e171de4622149f157d8283f6c720
https://github.com/apache/cxf/commit/e0cdf873942b4d3fbc253e8ce6bb6fce3898019d
https://github.com/apache/cxf/commit/e733c692e933a7f82424d3744aace9304cd5d4f6
https://issues.apache.org/jira/browse/CXF-4629
https://issues.jboss.org/browse/JBWS-3575
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
http://stackoverflow.com/questions/7933293/why-does-apache-cxf-ws-security-implementation-ignore-get-requests
http://svn.apache.org/viewvc?view=revision&revision=1409324
http://svn.apache.org/viewvc?view=revision&revision=1420698
https://web.archive.org/web/20130216044418/http://www.securityfocus.com:80/bid/57874
http://www.securityfocus.com/bid/57874
889008 https://bugzilla.redhat.com/show_bug.cgi?id=889008
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
CVE-2012-5633 https://nvd.nist.gov/vuln/detail/CVE-2012-5633
CVE-2012-5633.HTML http://cxf.apache.org/cve-2012-5633.html
GHSA-xf9f-32gh-h2w4 https://github.com/advisories/GHSA-xf9f-32gh-h2w4
RHSA-2013:0256 https://access.redhat.com/errata/RHSA-2013:0256
RHSA-2013:0257 https://access.redhat.com/errata/RHSA-2013:0257
RHSA-2013:0258 https://access.redhat.com/errata/RHSA-2013:0258
RHSA-2013:0259 https://access.redhat.com/errata/RHSA-2013:0259
RHSA-2013:0644 https://access.redhat.com/errata/RHSA-2013:0644
RHSA-2013:0645 https://access.redhat.com/errata/RHSA-2013:0645
RHSA-2013:0649 https://access.redhat.com/errata/RHSA-2013:0649
RHSA-2013:0726 https://access.redhat.com/errata/RHSA-2013:0726
RHSA-2013:0743 https://access.redhat.com/errata/RHSA-2013:0743
RHSA-2013:0749 https://access.redhat.com/errata/RHSA-2013:0749
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-5633
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.62122
EPSS Score 0.00236
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.