PROBLEM:
Apache CXF SOAP URIMappingInterceptor and Plaintext UsernameTokens Security Issues
PLATFORM:
Apache CXF 2.x
ABSTRACT:
Two security issues have been reported in Apache CXF
REFERENCE LINKS:
Apache CXF Security Advisories CVE-2012-5633
Apache CXF Security Advisories CVE-2013-0239
Secunia Advisory SA51988
CVE-2012-5633
CVE-2013-0239
IMPACT ASSESSMENT:
Medium
DISCUSSION:
1) An error when handling HTTP GET requests via the URIMappingInterceptor can be exploited to bypass WS-Security processing and access otherwise restricted SOAP services.
Successful exploitation of this security issue requires that the service is secured via WSS4JInInterceptor and is not protected by WS-SecurityPolicy.
This security issue is reported in versions prior to 2.5.8, 2.6.5, and 2.7.2.
2) An error when handling WS-SecurityPolicy enabled plaintext UsernameTokens can be exploited to bypass authentication by not providing a password child element within the security header of a SOAP request.
This security issue is reported in versions prior to 2.5.9, 2.6.6, and 2.7.3.
IMPACT:
Apache CXF can be exploited by malicious people to bypass certain security restrictions.
SOLUTION:
Users of CXF prior to 2.5.x should upgrade to either 2.5.9, 2.6.6, or 2.7.3.