| Max CVSS | 5.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-5633 | 5.8 |
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET requ
|
13-02-2023 - 00:26 | 12-03-2013 - 23:55 | |
| CVE-2012-3451 | 4.3 |
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
|
13-02-2023 - 00:25 | 24-09-2012 - 17:55 | |
| CVE-2012-5885 | 5.0 |
The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce)
|
19-09-2017 - 01:35 | 17-11-2012 - 19:55 | |
| CVE-2012-5886 | 5.0 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers t
|
29-08-2017 - 01:32 | 17-11-2012 - 19:55 | |
| CVE-2012-5887 | 5.0 |
The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it e
|
29-08-2017 - 01:32 | 17-11-2012 - 19:55 |