Axis2
CVE-2012-4418
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:P/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:P/I:P/A:N
Lifecycle Timeline
1Blast Radius
ecosystem impact- 9 maven packages depend on org.apache.axis2:axis2 (6 direct, 3 indirect)
Ecosystem-wide dependent count for version 1.7.9.
DescriptionCVE.org
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
AnalysisAI
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack." Affected products include: Apache Axis2.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Comm
Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signa
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today