Rapid7 Vulnerability & Exploit Database

Red Hat JBoss: CVE-2012-5575: A remote attacker could use this flaw to add, delete, and modify items in the JNDI tree.


Severity: 6
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Published: 08/19/2013
Created: 07/25/2018
Added: 08/01/2017
Modified: 08/01/2017

Description

Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack."

Solution(s)

  • jboss_enterprise_application_platform-cve-2012-5575-1
