Vulnerability Description
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Axis2 | - |
Related Weaknesses (CWE)
References
- http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pd
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79487
- https://www.oracle.com/security-alerts/cpuapr2022.html
- http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pd
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79487
- https://www.oracle.com/security-alerts/cpuapr2022.html
FAQ
What is CVE-2012-5351?
CVE-2012-5351 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than...
How severe is CVE-2012-5351?
CVE-2012-5351 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5351?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Axis2.