Uploaded image for project: 'Axis2-C'
  1. Axis2-C
  2. AXIS2C-1607

CVE-2012-5351 - "Signature exclusion attack," a different vulnerability than CVE-2012-4418

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • None
    • 1.7.0
    • None
    • None

    Description

      Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5351 to
      the following vulnerability:

      Name: CVE-2012-5351
      URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5351
      Assigned: 20121009
      Reference: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

      Apache Axis2 allows remote attackers to forge messages and bypass
      authentication via a SAML assertion that lacks a Signature element,
      aka a "Signature exclusion attack," a different vulnerability than
      CVE-2012-4418.

      Attachments

        Issue Links

          blocks

          Improvement - An improvement or enhancement to an existing feature or task. AXIS2C-1681 Apache Axis2C Roadmap 1.7 Planning

          • Major - Major loss of function.
          • Open
          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1694 CVE-2012-4418 - "XML Signature wrapping attack"

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          is related to

          Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1694 CVE-2012-4418 - "XML Signature wrapping attack"

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Activity

            People

              Unassigned Unassigned
              iamfuzz Brian Thomason
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated: