CVE-2012-2378 is a vulnerability in Apache CXF
Published on January 5, 2013

Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite, (2) SignedParts, (3) SignedElements, (4) EncryptedParts, and (5) EncryptedElements policies.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2012-2378

Want to know whenever a new CVE is published for Apache CXF? stack.watch will email you.

Apache CXF

Exploit Probability

EPSS

4.24%

Percentile

88.61%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2012-2378 is a vulnerability in Apache CXFPublished on January 5, 2013

Products Associated with CVE-2012-2378

Exploit Probability

CVE-2012-2378 is a vulnerability in Apache CXF
Published on January 5, 2013