Release date:
Updated on:
Affected Systems:
Apache Group CXF 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55628
CVE ID: CVE-2012-3451
Apache CXF is an open-source services framework used to build and develop services using front-end programming APIs such as JAX-WS and JAX-RS.
Apache CXF has a security vulnerability that allows attackers to perform SOAP Action spoofing and man-in-the-middle attacks. The vulnerability occurs because the SOAP Action string in the SOAP request header is not correctly verified against the data in the message body.
<* Source: vendor.
Link: http://secunia.com/advisories/50664/
*>
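The consistency check whose absence is described above, as an added example (not code from Apache CXF or from this advisory): a request is accepted only when the SOAPAction header maps to the operation element actually present in the SOAP body. The action URIs, the urn:example:bank namespace and the routing table are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed routing table: SOAPAction value -> the one body element it may carry.
ALLOWED = {
    "urn:example:getBalance": "{urn:example:bank}getBalance",
    "urn:example:transfer": "{urn:example:bank}transfer",
}


def check_soap_action(soap_action_header, envelope_bytes):
    """Return (ok, reason); ok is True only when header and body agree."""
    action = (soap_action_header or "").strip().strip('"')
    expected = ALLOWED.get(action)
    if expected is None:
        return False, "unknown or missing SOAPAction"
    # SOAP messages must not carry a DTD; refuse before handing data to the parser.
    if b"<!DOCTYPE" in envelope_bytes:
        return False, "DTD not allowed in SOAP message"
    try:
        root = ET.fromstring(envelope_bytes)
    except ET.ParseError:
        return False, "malformed XML"
    if root.tag != "{%s}Envelope" % SOAP11_NS:
        return False, "not a SOAP 1.1 envelope"
    body = root.find("{%s}Body" % SOAP11_NS)
    if body is None or len(body) != 1:
        return False, "Body must contain exactly one operation element"
    if body[0].tag != expected:
        return False, "SOAPAction %r does not match body element %s" % (action, body[0].tag)
    return True, "consistent"


def make_envelope(operation):
    """Build a constructed SOAP 1.1 request whose body carries `operation`."""
    return ('<soapenv:Envelope xmlns:soapenv="%s" xmlns:b="urn:example:bank">'
            '<soapenv:Body><b:%s><b:account>12345</b:account></b:%s></soapenv:Body>'
            '</soapenv:Envelope>' % (SOAP11_NS, operation, operation)).encode()


if __name__ == "__main__":
    # Header and body agree: accepted.
    print(check_soap_action('"urn:example:getBalance"', make_envelope("getBalance")))
    # Header names one operation, body carries another: rejected.
    print(check_soap_action('"urn:example:getBalance"', make_envelope("transfer")))
```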
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://httpd.apache.org/