Vulnerability Details : CVE-2012-2379
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
Exploit prediction scoring system (EPSS) score for CVE-2012-2379
Probability of exploitation activity in the next 30 days: 0.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2379
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2012-2379
-
http://rhn.redhat.com/errata/RHSA-2012-1591.html
RHSA-2012:1591 - Security Advisory - Red Hat Customer Portal
-
http://svn.apache.org/viewvc?view=revision&revision=1338219
[Apache-SVN] Revision 1338219
-
http://rhn.redhat.com/errata/RHSA-2013-0194.html
RHSA-2013:0194 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0196.html
RHSA-2013:0196 - Security Advisory - Red Hat Customer Portal
-
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html-Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2013-0197.html
Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0191.html
RHSA-2013:0191 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0193.html
Red Hat Customer Portal
-
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html-Apache Mail Archives
-
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html-Apache Mail Archives
-
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html-Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2013-0195.html
RHSA-2013:0195 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-1593.html
RHSA-2012:1593 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-1592.html
RHSA-2012:1592 - Security Advisory - Red Hat Customer Portal
-
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.htm
-
http://cxf.apache.org/cve-2012-2379.html
Apache CXF -- CVE-2012-2379Patch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0192.html
RHSA-2013:0192 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-1559.html
Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0198.html
RHSA-2013:0198 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-1594.html
RHSA-2012:1594 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2012-1573.html
Red Hat Customer Portal
-
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html-Apache Mail Archives
Products affected by CVE-2012-2379
- cpe:2.3:a:apache:cxf:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*