Apache Axis2 XML Signature Wrapping Security Vulnerability

Summary

Apache Axis2 is prone to a security vulnerability involving XML signature wrapping.

Credit:

The information has been provided by Joerg Schwen.
The original article can be found at: https://bugzilla.redhat.com/show_bug.cgi?id=856755


Details

Vulnerable Systems:
 * Apache Axis2

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content. This may aid in further attacks.

Apache Axis2, a web services, SOAP, and WSDL engine allows remote attackers to forge messages and bypass authentication via ‘XML Signature wrapping attack’.

CVE Information:
CVE-2012-4418

Disclosure Timeline:
Published: Sep 12 2012
Updated: Oct 11 2012

Categories: News