Uploaded image for project: 'Axis2-C'
  1. Axis2-C
  2. AXIS2C-1694

CVE-2012-4418 - "XML Signature wrapping attack"

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Critical
    • Resolution: Unresolved
    • None
    • 1.7.0
    • None
    • None

    Description

      Common Vulnerabilities and Exposures assigned an identifier CVE-2012-4418 to
      the following vulnerability:

      Name: CVE-2012-4418
      URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4418
      Assigned: 20120821
      Reference: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

      Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

      Attachments

        Issue Links

          is a clone of

          Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1607 CVE-2012-5351 - "Signature exclusion attack," a different vulnerability than CVE-2012-4418

          • Critical - Crashes, loss of data, severe memory leak.
          • Open
          relates to

          Bug - A problem which impairs or prevents the functions of the product. AXIS2C-1607 CVE-2012-5351 - "Signature exclusion attack," a different vulnerability than CVE-2012-4418

          • Critical - Crashes, loss of data, severe memory leak.
          • Open

          Activity

            People

              Unassigned Unassigned
              mckornfield Matthew Kornfield
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: