CVE-2012-5575 Description Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic algorithms than intended and makes it easier to decrypt communications, aka "XML Encryption backwards compatibility attack." Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5575 https://cxf.apache.org/cve-2012-5575.html https://bugzilla.redhat.com/show_bug.cgi?id=880443 Project Category n/a Tags data functional Date Disclosed 2013-08-19 Date Discovered 2012-10-24 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us…

CVE-2012-4431 Description org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4431 https://rhn.redhat.com/errata/RHSA-2013-0268.html Project Category n/a Tags data functional Date Disclosed 2012-12-19 Date Discovered 2012-08-21 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.

CVE-2012-0881 Description Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions. Mitigation We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0881 https://issues.apache.org/jira/browse/XERCESJ-1685 Project Category n/a Tags data functional Date Disclosed 2017-10-30 Date Discovered 2012-01-19 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.

CVE-2011-5064 Description DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5064 http://tomcat.apache.org/security-6.html Project Category n/a Tags data functional Date Disclosed 2012-01-14 Date Discovered 2012-01-14 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.

CVE-2011-5063 Description The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184. Related links: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5063 Project Category n/a Tags data functional Date Disclosed 2012-01-14 Date Discovered 2012-01-14 JTVCYnJhbmNoX2xpc3QlNUQlNUIlMkZicmFuY2hfbGlzdCU1RA== Feel Vulnerable?  Contact us so we can help you.