Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache CXF 加密问题漏洞
Vulnerability Description
Apache CXF是美国阿帕奇(Apache)软件基金会的一个开源的Web服务框架。该框架支持多种Web服务标准、多种前端编程API等。 Apache CXF 2.6.12及之前的版本和2.7.10之前的2.7.x版本中的SymmetricBinding存在安全漏洞,该漏洞源于程序使用EncryptBeforeSigning并将UsernameToken策略设置为‘EncryptedSupportingToken’时,以明文方式传输UsernameToken。远程攻击者可通过嗅探网络利用该漏洞获取敏感信
CVSS Information
N/A
Vulnerability Type
N/A