U-266: Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions

September 24, 2012 - 6:00am

PROBLEM:

Apache CXF Lets Remote Authenticated Users Execute Unauthorized SOAP Actions

PLATFORM:

This vulnerability affects all released versions of Apache CXF.

ABSTRACT:

A vulnerability was reported in Apache CXF.

REFERENCE LINKS:

SecurityTracker Alert ID: 1027554
Apache CXF Security Advisories
Apache CXF Advisory - CVE-2012-3451
CVE-2012-3451

IMPACT ASSESSMENT:

High

Discussion:

A vulnerability was reported in Apache CXF. A remote authenticated user can execute unauthorized commands on the target web service.

Impact:  

A remote authenticated user can execute potentially unauthorized actions on the target web service.

Solution:

The vendor has issued a fix: Revision 1368559
