VDB
CVE-2012-5575
CVE-2012-5575
PUBLISHED
Reported by redhat · Published August 19, 2013
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| Maven | org.apache.cxf:cxf-rt-transports-http | 2.5.0, 2.5.0 |
| n/a | n/a | n/a, n/a, n/a |
Exploit Intelligence
- tafamace/CVE-2012-5575 (github-poc)
- tafamace/CVE-2012-5575 (github-poc)
- tafamace/CVE-2012-5575 (github-poc)
- tafamace/CVE-2012-5575 (github-poc)
Timeline
- Aug 19, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Dec 21, 2023 EPSS Score
References
- RHSA-2013:0943 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- RHSA-2013:0839 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:0875 vendor-advisoryx_refsource_REDHAT
- 60043 vdb-entryx_refsource_BID
- x_refsource_MISC
- RHSA-2013:0833 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:1437 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- RHSA-2013:1143 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:0876 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:1028 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:0834 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:0873 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:0874 vendor-advisoryx_refsource_REDHAT
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html mailing-listx_refsource_MLIST
…and 9 more