Skip to main content

Axis2

3 CVEs product

Monthly

CVE-2012-5785 Maven MEDIUM POC PATCH This Month

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Information Disclosure Java Axis2
NVD
CVSS 2.0
5.8
EPSS
0.5%
CVE-2012-5351 Maven MEDIUM PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Axis2
NVD
CVSS 2.0
6.4
EPSS
0.3%
CVE-2012-4418 Maven MEDIUM POC PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Authentication Bypass Axis2
NVD
CVSS 2.0
5.8
EPSS
0.3%
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Information Disclosure Java +1
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apache Authentication Bypass Axis2
NVD
EPSS 0% CVSS 5.8
MEDIUM POC PATCH This Month

Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack.". Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Apache Authentication Bypass Axis2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy