1. Home
  2. CVE Database
  3. CVE-2012-5575
MEDIUM · 6.4

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definitio...

Vulnerability Description

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

CVSS Score

6.4

MEDIUM

AV:N/AC:L/Au:N/C:P/I:P/A:N
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
NONE

Affected Products

VendorProductVersions
ApacheCxf2.5.0
RedhatJboss Enterprise Application Platform5.0.0
RedhatJboss Enterprise Portal Platform4.3.0
RedhatJboss Enterprise Soa Platform4.3.0
RedhatJboss Enterprise Web Platform5.2.0
RedhatJboss Fuse Esb Enterprise7.1.0

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2012-5575?

CVE-2012-5575 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definitio...

How severe is CVE-2012-5575?

CVE-2012-5575 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-5575?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Cxf, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Portal Platform, Redhat Jboss Enterprise Soa Platform, Redhat Jboss Enterprise Web Platform.