Red Hat Bugzilla – Bug 865168
CVE-2012-5351 axis2: vulnerable to authentication bypass and forged messages due to a Signature exclusion attack
Last modified: 2013-03-08 00:45:23 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5351 to
the following vulnerability:
Apache Axis2 allows remote attackers to forge messages and bypass
authentication via a SAML assertion that lacks a Signature element,
aka a "Signature exclusion attack," a different vulnerability than
This bug's summary seems to disagree with its description about which CVE this is. Would I be correct in assuming that the latter is the correct one, or are we facing two different bugs here?
(In reply to comment #1)
> This bug's summary seems to disagree with its description about which CVE
> this is. Would I be correct in assuming that the latter is the correct one,
> or are we facing two different bugs here?
Well spotted, Garrett. I have edited this bug to refer to the correct CVE ID (CVE-2012-5351).
Created axis2 tracking bugs for this issue
Affects: fedora-17 [bug 919325]
Not Vulnerable. This issue does not affect the version of axis as shipped with JBoss Developer Studio 5 and 6, JBoss Enterprise Portal Platform 5.2.2 and 6.0.0, Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise Virtualization Manager 3.1.
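
The condition named in the CVE description above (a SAML assertion with no Signature element being accepted) written as a structural pre-check. This is an added example, not Axis2 or Rampart code; the function name, sample assertions and IDs are constructed. It goes one step beyond the description by also rejecting a Signature that references a different ID, and it is a gate in front of cryptographic signature verification, not a substitute for it.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"


def signature_problems(xml_text):
    """Return {assertion_id: reason} for each assertion that must be rejected
    before cryptographic verification is even attempted."""
    root = ET.fromstring(xml_text)
    problems, found = {}, False
    for assertion in root.iter(f"{{{SAML}}}Assertion"):
        found = True
        aid = assertion.get("ID")
        # The Signature must be a direct child of the assertion (enveloped),
        # not merely present somewhere else in the message.
        sig = assertion.find(f"{{{DSIG}}}Signature")
        if sig is None:
            problems[aid] = "no Signature element"
            continue
        refs = sig.findall(f"{{{DSIG}}}SignedInfo/{{{DSIG}}}Reference")
        # Exactly one Reference, and it must point at this assertion's ID.
        if not aid or [r.get("URI") for r in refs] != ["#" + aid]:
            problems[aid] = "Signature does not reference this assertion"
    if not found:
        problems[None] = "no Assertion element"
    return problems


# Constructed sample input; SignatureValue is a dummy, the check is structural.
def _sample(aid, signature=""):
    return (f'<saml:Assertion xmlns:saml="{SAML}" xmlns:ds="{DSIG}" ID="{aid}">'
            f'<saml:Issuer>idp.example</saml:Issuer>{signature}'
            f'<saml:Subject><saml:NameID>admin</saml:NameID></saml:Subject>'
            f'</saml:Assertion>')


def _sig(ref):
    return (f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref}"/>'
            f'</ds:SignedInfo><ds:SignatureValue>DUMMY</ds:SignatureValue>'
            f'</ds:Signature>')


UNSIGNED = _sample("a1")                # the case in the CVE description
SIGNED = _sample("a2", _sig("a2"))      # structurally acceptable
MISBOUND = _sample("a3", _sig("other")) # signature covers something else

if __name__ == "__main__":
    for name, doc in (("unsigned", UNSIGNED), ("signed", SIGNED), ("misbound", MISBOUND)):
        print(name, signature_problems(doc) or "passes pre-check")
```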