Apache CXF is vulnerable to SOAPAction spoofing attacks under certain conditions. If web services are exposed via Apache CXF that use a unique SOAPAction for each service operation, then a remote attacker could perform SOAPAction spoofing to call a forbidden operation if it accepts the same parameters as an allowed operation. WS-Policy validation is performed against the operation being invoked, and an attack must pass validation to be successful.
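The class of check that closes this hole is to resolve the operation from the SOAPAction header and from the soap:Body independently and refuse the request when they disagree, before any authorization or WS-Policy decision is made for the resolved operation. The following is an added illustration, not Apache CXF's or Red Hat's code; the service namespace, the action URIs, the two operations (which deliberately take the same single parameter, as in the scenario above) and the role names are all constructed for the example.

```python
# Added example (not Apache CXF's or Red Hat's code): a minimal SOAP dispatcher
# that refuses requests whose SOAPAction header names a different operation than
# the soap:Body does. Service namespace, action URIs and roles are hypothetical.
import xml.etree.ElementTree as ET

SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SERVICE_NS = "http://example.invalid/orders"  # hypothetical service namespace

# Hypothetical contract: SOAPAction URI -> (body operation element, role allowed to call it).
# getOrder and deleteOrder deliberately accept the same parameters, as in the advisory.
OPERATIONS = {
    "urn:orders:getOrder": ("getOrder", "customer"),
    "urn:orders:deleteOrder": ("deleteOrder", "admin"),
}


class SoapDispatchError(Exception):
    """Raised for any request the dispatcher refuses."""


def body_operation(envelope_xml: str) -> str:
    """Return the local name of the operation element inside soap:Body."""
    root = ET.fromstring(envelope_xml)
    body = root.find(f"{{{SOAP_ENV_NS}}}Body")
    if body is None or len(body) == 0:
        raise SoapDispatchError("no operation element in SOAP body")
    op = body[0]
    ns, _, local = op.tag.rpartition("}")  # ElementTree tags look like "{ns}local"
    if ns[1:] != SERVICE_NS:
        raise SoapDispatchError(f"operation {local!r} is not in the service namespace")
    return local


def dispatch(soap_action: str, envelope_xml: str, caller_role: str) -> str:
    """Resolve the operation from the header AND the body, require agreement,
    then authorise the caller for that one operation. Returns the operation name."""
    action = soap_action.strip().strip('"')  # SOAPAction is sent as a quoted string
    if action not in OPERATIONS:
        raise SoapDispatchError(f"unknown SOAPAction {action!r}")
    header_op, required_role = OPERATIONS[action]
    actual_op = body_operation(envelope_xml)
    # The spoofing check: a body written for one operation must not be routed to another.
    if actual_op != header_op:
        raise SoapDispatchError(
            f"SOAPAction {action!r} names {header_op!r} but body names {actual_op!r}")
    if caller_role != required_role:
        raise SoapDispatchError(f"role {caller_role!r} may not call {header_op!r}")
    return header_op


def is_accepted(soap_action: str, envelope_xml: str, caller_role: str) -> bool:
    """True if dispatch() would route the request, False if it refuses it."""
    try:
        dispatch(soap_action, envelope_xml, caller_role)
        return True
    except SoapDispatchError:
        return False


def envelope(op_local: str, order_id: str) -> str:
    """Build a constructed request; both operations carry the same single parameter."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_ENV_NS}" xmlns:ord="{SERVICE_NS}">'
        f"<soapenv:Body><ord:{op_local}><ord:orderId>{order_id}</ord:orderId>"
        f"</ord:{op_local}></soapenv:Body></soapenv:Envelope>"
    )


GET_ORDER_REQUEST = envelope("getOrder", "42")        # constructed sample
DELETE_ORDER_REQUEST = envelope("deleteOrder", "42")  # constructed sample

if __name__ == "__main__":
    # A getOrder body sent under a deleteOrder header is refused before authorisation runs.
    print(is_accepted('"urn:orders:getOrder"', GET_ORDER_REQUEST, "customer"))     # True
    print(is_accepted('"urn:orders:deleteOrder"', GET_ORDER_REQUEST, "customer"))  # False
```

The order of the checks is the point: the header/body comparison runs first, so the role check and any policy validation are always evaluated against the operation the body actually carries, never against one chosen by the caller through the header alone.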
This is now public via upstream advisory:
[1] http://cxf.apache.org/cve-2012-3451.html
Relevant upstream patch:
[2] http://svn.apache.org/viewvc?view=revision&revision=1368559
This issue affects the version of the jbossws-cxf package as shipped with Fedora release 17. Please schedule an update.
Created jbossws-cxf tracking bugs for this issue
Affects: fedora-17 [bug 858781]
Acknowledgements: Red Hat would like to thank the Apache CXF project for reporting this issue.
This issue has been addressed in the following products: JBEAP 6 for RHEL 5. Via RHSA-2012:1591 https://rhn.redhat.com/errata/RHSA-2012-1591.html
This issue has been addressed in the following products: JBEAP 6 for RHEL 6. Via RHSA-2012:1592 https://rhn.redhat.com/errata/RHSA-2012-1592.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.0.1. Via RHSA-2012:1594 https://rhn.redhat.com/errata/RHSA-2012-1594.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 5.2.0. Via RHSA-2013:0256 https://rhn.redhat.com/errata/RHSA-2013-0256.html
This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6. Via RHSA-2013:0259 https://rhn.redhat.com/errata/RHSA-2013-0259.html
This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.2.0. Via RHSA-2013:0258 https://rhn.redhat.com/errata/RHSA-2013-0258.html
This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6. Via RHSA-2013:0257 https://rhn.redhat.com/errata/RHSA-2013-0257.html
This issue has been addressed in the following products: JBoss Enterprise SOA Platform 5.3.1. Via RHSA-2013:0726 https://rhn.redhat.com/errata/RHSA-2013-0726.html
This issue has been addressed in the following products: JBoss Enterprise BRMS Platform 5.3.1. Via RHSA-2013:0743 https://rhn.redhat.com/errata/RHSA-2013-0743.html