Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache CXF 安全漏洞
Vulnerability Description
Apache CXF是美国阿帕奇(Apache)软件基金会的一个开源的Web服务框架。该框架支持多种Web服务标准、多种前端编程API等。 Apache CXF 2.4.8之前的2.4.x版本、2.5.4之前的2.5.x版本、2.6.1之前的2.6.x版本中存在安全漏洞,该漏洞源于Supporting Token指定子WS-SecurityPolicy 1.1或1.2版本政策时,没有正确保证XML元素被签名或加密。攻击者利用该漏洞产生未明影响和攻击向量。
CVSS Information
N/A
Vulnerability Type
N/A