Missing Cryptographic Step
CVE-2012-2379
Summary
Apache CXF versions prior to 2.4.8, 2.5.x prior to 2.5.4, and 2.6.x prior to 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
- LOW
- NETWORK
- NONE
- COMPLETE
- COMPLETE
- COMPLETE
CWE-325 - Missing Cryptographic Step
The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.
Advisory Timeline
- Published
