Vulnerability Details: CVE-2012-3451
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2012-3451
Probability of exploitation activity in the next 30 days: 0.17%
Percentile, the proportion of vulnerabilities that are scored at or less: ~54%
CVSS scores for CVE-2012-3451
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2012-3451
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3451
- http://rhn.redhat.com/errata/RHSA-2012-1591.html
  RHSA-2012:1591 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html - Apache Mail Archives
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html - Apache Mail Archives
- http://rhn.redhat.com/errata/RHSA-2013-0743.html
  RHSA-2013:0743 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=851896
  851896 – (CVE-2012-3451) CVE-2012-3451 jbossws-cxf, apache-cxf: SOAPAction spoofing on document literal web services (Issue Tracking; Third Party Advisory)
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html - Apache Mail Archives
- http://rhn.redhat.com/errata/RHSA-2013-0258.html
  RHSA-2013:0258 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html - Apache Mail Archives
- http://rhn.redhat.com/errata/RHSA-2012-1592.html
  RHSA-2012:1592 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.htm
- http://rhn.redhat.com/errata/RHSA-2013-0257.html
  RHSA-2013:0257 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://svn.apache.org/viewvc?view=revision&revision=1368559
  [Apache-SVN] Revision 1368559 (Patch; Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0259.html
  RHSA-2013:0259 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0726.html
  RHSA-2013:0726 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1594.html
  RHSA-2012:1594 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78734
  Apache CXF SOAP Action security bypass CVE-2012-3451 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://cxf.apache.org/cve-2012-3451.html
  Apache CXF -- CVE-2012-3451 (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2013-0256.html
  RHSA-2013:0256 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html - Apache Mail Archives
Products affected by CVE-2012-3451
- cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*