You are here

V-089: Apache CXF SOAP URIMappingInterceptor and Plaintext UsernameTokens Security Issues

February 12, 2013 - 12:26am

Addthis

PROBLEM:

Apache CXF SOAP URIMappingInterceptor and Plaintext UsernameTokens Security Issues

PLATFORM:

Apache CXF 2.x

ABSTRACT:

Two security issues have been reported in Apache CXF

REFERENCE LINKS:

Apache CXF  Security Advisories CVE-2012-5633
Apache CXF  Security Advisories CVE-2013-0239
Secunia Advisory SA51988
CVE-2012-5633
CVE-2013-0239

IMPACT ASSESSMENT:

Medium

DISCUSSION:

1) An error when handling HTTP GET requests via the URIMappingInterceptor can be exploited to bypass WS-Security processing and access otherwise restricted SOAP services.

Successful exploitation of this security issue requires that the service is secured via WSS4JInInterceptor and is not protected by WS-SecurityPolicy.

This security issue is reported in versions prior to 2.5.8, 2.6.5, and 2.7.2.

2) An error when handling WS-SecurityPolicy enabled plaintext UsernameTokens can be exploited to bypass authentication by not providing a password child element within the security header of a SOAP request.

This security issue is reported in versions prior to 2.5.9, 2.6.6, and 2.7.3.

IMPACT:

Apache CXF can be exploited by malicious people to bypass certain security restrictions.

SOLUTION:

Users of CXF prior to 2.5.x should upgrade to either 2.5.9, 2.6.6, or 2.7.3.

Addthis