Vulnerability Details : CVE-2012-5575
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."
Products affected by CVE-2012-5575
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_fuse_esb_enterprise:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:2.6.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5575
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2012-5575
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5575
-
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html-Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2013-0834.html
RHSA-2013:0834 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-0876.html
Red Hat Customer PortalVendor Advisory
-
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html-Apache Mail Archives
-
http://rhn.redhat.com/errata/RHSA-2013-0943.html
Red Hat Customer PortalVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-1437.html
Red Hat Customer Portal
-
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html-Apache Mail Archives
-
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html-Apache Mail Archives
-
http://cxf.apache.org/cve-2012-5575.html
Apache CXF -- CVE-2012-5575
-
http://rhn.redhat.com/errata/RHSA-2013-0875.html
RHSA-2013:0875 - Security Advisory - Red Hat Customer Portal
-
http://www.securityfocus.com/bid/60043
JBoss Enterprise Application Platform CVE-2012-5575 Information Disclosure Vulnerability
-
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.htm
-
http://rhn.redhat.com/errata/RHSA-2013-0874.html
RHSA-2013:0874 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=880443
880443 – (CVE-2012-5575) CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks
-
http://rhn.redhat.com/errata/RHSA-2013-0873.html
RHSA-2013:0873 - Security Advisory - Red Hat Customer PortalVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-1143.html
Red Hat Customer PortalVendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0833.html
RHSA-2013:0833 - Security Advisory - Red Hat Customer Portal
-
http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/
Publications - Ruhr-Universität Bochum
-
http://rhn.redhat.com/errata/RHSA-2013-0839.html
RHSA-2013:0839 - Security Advisory - Red Hat Customer Portal
-
http://rhn.redhat.com/errata/RHSA-2013-1028.html
RHSA-2013:1028 - Security Advisory - Red Hat Customer Portal
-
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html-Apache Mail Archives
Jump to