Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5351 to the following vulnerability:

Name: CVE-2012-5351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5351
Assigned: 20121009
Reference: http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf

Apache Axis2 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack," a different vulnerability than CVE-2012-4418.
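The flaw class described in the CVE text above, as an added example that is not part of this bug report and is not Axis2 code: a SAML consumer that verifies a signature only when one is present, beside a check that requires one on every assertion. The function names, the `verify` callback (an assumption standing in for real XML Signature verification) and the sample assertions are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, use a hardened XML parser

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def lenient_accepts(xml_text, verify):
    """Flawed pattern: a signature is checked only if one happens to be present."""
    for assertion in ET.fromstring(xml_text).iter(SAML + "Assertion"):
        sig = assertion.find(DS + "Signature")
        if sig is not None and not verify(assertion, sig):
            return False
    return True  # an assertion with no Signature element falls through to here

def strict_accepts(xml_text, verify):
    """Require, per assertion, a child Signature that references its ID and verifies."""
    assertions = list(ET.fromstring(xml_text).iter(SAML + "Assertion"))
    if not assertions:
        return False
    for assertion in assertions:
        assertion_id = assertion.get("ID")
        sig = assertion.find(DS + "Signature")
        if not assertion_id or sig is None:
            return False  # signature exclusion: reject instead of skipping the check
        ref = sig.find(DS + "SignedInfo/" + DS + "Reference")
        if ref is None or ref.get("URI") != "#" + assertion_id:
            return False  # signature must cover this assertion, not another element
        if not verify(assertion, sig):
            return False
    return True

# Constructed sample input (not from the bug report).
_NS = (' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
       ' xmlns:ds="http://www.w3.org/2000/09/xmldsig#"')
_BODY = "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
SIGNED = ('<saml:Assertion' + _NS + ' ID="a1"><ds:Signature><ds:SignedInfo>'
          '<ds:Reference URI="#a1"/></ds:SignedInfo></ds:Signature>'
          + _BODY + "</saml:Assertion>")
UNSIGNED = '<saml:Assertion' + _NS + ' ID="a1">' + _BODY + "</saml:Assertion>"

def stub_verify(assertion, sig):
    """Placeholder for cryptographic XML Signature verification (assumption)."""
    return True

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(name, lenient_accepts(doc, stub_verify), strict_accepts(doc, stub_verify))
```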
This bug's summary seems to disagree with its description about which CVE this is. Would I be correct in assuming that the latter is the correct one, or are we facing two different bugs here?
(In reply to comment #1)
> This bug's summary seems to disagree with its description about which CVE
> this is. Would I be correct in assuming that the latter is the correct one,
> or are we facing two different bugs here?

Well spotted, Garrett. I have edited this bug to refer to the correct CVE ID (CVE-2012-5351).
Created axis2 tracking bugs for this issue

Affects: fedora-17 [bug 919325]
Statement: Not Vulnerable. This issue does not affect the version of axis as shipped with JBoss Developer Studio 5 and 6, JBoss Enterprise Portal Platform 5.2.2 and 6.0.0, Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise Virtualization Manager 3.1.