GSA_kwCzR0hTQS02NnJ4LWdxeDMtcDk4bc3mdg

Severity: Moderate
EPSS: 0.0031% (0.53507 Percentile)

Improper Authentication in Apache Axis2

Affected Package: maven:org.apache.axis2:axis2
Affected Versions: < 1.6.4
Fixed Versions: 1.6.4
33 Dependent packages
442 Dependent repositories

Affected Version Ranges

All affected versions

1.4.1, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.6.0, 1.6.1, 1.6.2, 1.6.3

All unaffected versions

1.6.4, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, 1.7.6, 1.7.7, 1.7.8, 1.7.9, 1.8.0, 1.8.1, 1.8.2, 2.0.0

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
