CVE-2012-2379 is a vulnerability in Apache CXF
Published on January 3, 2013

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2012-2379

Want to know whenever a new CVE is published for Apache CXF? stack.watch will email you.

Apache CXF

Exploit Probability

EPSS

3.75%

Percentile

87.86%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2012-2379 is a vulnerability in Apache CXFPublished on January 3, 2013

Products Associated with CVE-2012-2379

Exploit Probability

CVE-2012-2379 is a vulnerability in Apache CXF
Published on January 3, 2013