Uploaded image for project: 'Axis2-C'
  1. Axis2-C
  2. AXIS2C-1694

CVE-2012-4418 - "XML Signature wrapping attack"

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • None
    • 1.7.0
    • None
    • None

    Description

      Common Vulnerabilities and Exposures assigned an identifier CVE-2012-4418 to
      the following vulnerability:

      Name: CVE-2012-4418
      URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4418
      Assigned: 20120821
      Reference: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

      Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

      Attachments

        Issue Links

        is a clone of

        Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1607 CVE-2012-5351 - "Signature exclusion attack," a different vulnerability than CVE-2012-4418

        • Critical - Crashes, loss of data, severe memory leak.
        • Open
        relates to

        Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1607 CVE-2012-5351 - "Signature exclusion attack," a different vulnerability than CVE-2012-4418

        • Critical - Crashes, loss of data, severe memory leak.
        • Open

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            mckornfield Matthew Kornfield
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:

              Slack

                Issue deployment