Search for vulnerabilities
Vulnerability details: VCID-kuz5-ck5u-aaaa
Vulnerability ID VCID-kuz5-ck5u-aaaa
Aliases CVE-2012-4418
GHSA-88r4-38gc-97p4
Summary CVE-2012-4418 axis2: vulnerable to XML signature wrapping attacks
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-287 Improper Authentication
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00054 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00346 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
epss 0.00414 https://api.first.org/data/v1/epss?cve=CVE-2012-4418
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=856755
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-88r4-38gc-97p4
generic_textual MODERATE https://github.com/apache/axis-axis2-java-core
generic_textual MODERATE https://issues.apache.org/jira/browse/AXIS2-5930
generic_textual MODERATE https://issues.apache.org/jira/browse/AXIS2C-1694
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2012-4418
generic_textual MODERATE https://web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
generic_textual MODERATE http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2012/09/12/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2012/09/13/1
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4418.json
https://api.first.org/data/v1/epss?cve=CVE-2012-4418
https://bugzilla.redhat.com/show_bug.cgi?id=856755
https://github.com/apache/axis-axis2-java-core
https://issues.apache.org/jira/browse/AXIS2-5930
https://issues.apache.org/jira/browse/AXIS2C-1694
https://web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508
http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
http://www.openwall.com/lists/oss-security/2012/09/12/1
http://www.openwall.com/lists/oss-security/2012/09/13/1
http://www.securityfocus.com/bid/55508
cpe:2.3:a:apache:axis2:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:axis2:-:*:*:*:*:*:*:*
CVE-2012-4418 https://nvd.nist.gov/vuln/detail/CVE-2012-4418
GHSA-88r4-38gc-97p4 https://github.com/advisories/GHSA-88r4-38gc-97p4
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2012-4418
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.13747
EPSS Score 0.00054
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.