Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
Max CVSS
6.4
EPSS Score
0.18%
Published
2012-10-09
Updated
2022-04-20
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Max CVSS
5.8
EPSS Score
0.36%
Published
2012-10-09
Updated
2013-01-30
2 vulnerabilities found