You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

  • CVE-2013-0239 - Authentication bypass in the case of WS-SecurityPolicy enabled plaintext UsernameTokens.
  • CVE-2012-5633 - WSS4JInInterceptor always allows HTTP Get requests from browser.
  • Note on CVE-2011-2487 - Bleichenbacher attack against distributed symmetric key in WS-Security.
  • CVE-2012-3451 - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.
  • CVE-2012-2379 - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.
  • CVE-2012-2378 - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.
  • Note on CVE-2011-1096 - XML Encryption flaw / Character pattern encoding attack.
  • CVE-2012-0803 - Apache CXF does not validate UsernameToken policies correctly.
  • CVE-2010-2076 - DTD based XML attacks.
  • No labels