Apache Axis2 XML Signature Wrapping Security Vulnerability
The information has been provided by Joerg Schwen.
The original article can be found at: https://bugzilla.redhat.com/show_bug.cgi?id=856755
* Apache Axis2
Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content. This may aid in further attacks.
Apache Axis2, a web services, SOAP, and WSDL engine allows remote attackers to forge messages and bypass authentication via ‘XML Signature wrapping attack’.
Published: Sep 12 2012
Updated: Oct 11 2012