CVE-2012-5575
medium
CVSS v3
—
CVSS v2
6.4
VIR risk
6.4
Description
Inadequate Encryption Strength in Apache CXF
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-1143.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-0943.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-0876.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-0874.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2013-0873.html
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.cxf:cxf-rt-transports-http | >=2.5.0,<2.5.10 | 2.5.10 |
| Maven | org.apache.cxf:cxf-rt-transports-http | >=2.6.0,<2.6.7 | 2.6.7 |
| Maven | org.apache.cxf:cxf-rt-transports-http | >=2.7.0,<2.7.4 | 2.7.4 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| apache | cxf | 2.5.3 | |
| apache | cxf | 2.5.0 | |
| apache | cxf | 2.5.1 | |
| apache | cxf | 2.5.2 | |
| apache | cxf | 2.5.4 | |
| apache | cxf | 2.5.5 | |
| apache | cxf | 2.5.6 | |
| apache | cxf | 2.5.7 | |
| apache | cxf | 2.5.8 | |
| apache | cxf | 2.5.9 | |
| apache | cxf | 2.6.0 | |
| apache | cxf | 2.6.1 | |
| apache | cxf | 2.6.2 | |
| apache | cxf | 2.6.3 | |
| apache | cxf | 2.6.4 | |
| apache | cxf | 2.6.5 | |
| apache | cxf | 2.6.6 | |
| apache | cxf | 2.7.0 | |
| apache | cxf | 2.7.1 | |
| apache | cxf | 2.7.2 | |
| apache | cxf | 2.7.3 | |
| redhat | jboss_enterprise_application_platform | 5.0.0 | |
| redhat | jboss_enterprise_portal_platform | 4.3.0 | |
| redhat | jboss_enterprise_soa_platform | 4.3.0 | |
| redhat | jboss_enterprise_web_platform | 5.2.0 | |
| redhat | jboss_fuse_esb_enterprise | 7.1.0 | |
References
- http://cxf.apache.org/cve-2012-5575.html
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://rhn.redhat.com/errata/RHSA-2013-0834.html
- http://rhn.redhat.com/errata/RHSA-2013-0839.html
- http://rhn.redhat.com/errata/RHSA-2013-0873.html
- http://rhn.redhat.com/errata/RHSA-2013-0874.html
- http://rhn.redhat.com/errata/RHSA-2013-0875.html
- http://rhn.redhat.com/errata/RHSA-2013-0876.html
- http://rhn.redhat.com/errata/RHSA-2013-0943.html
- http://rhn.redhat.com/errata/RHSA-2013-1028.html
- http://rhn.redhat.com/errata/RHSA-2013-1143.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/
- http://www.securityfocus.com/bid/60043
- https://bugzilla.redhat.com/show_bug.cgi?id=880443
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2012-5575
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
CWEs
CWE-310
Verify integrity in audit chain (admin only). AS-IS.