You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by bu...@apache.org on 2012/12/12 12:48:03 UTC
svn commit: r841854 - in /websites/production/cxf/content:
cache/main.pageCache security-advisories.html
Author: buildbot
Date: Wed Dec 12 11:48:02 2012
New Revision: 841854
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/main.pageCache
websites/production/cxf/content/security-advisories.html
Modified: websites/production/cxf/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/security-advisories.html
==============================================================================
--- websites/production/cxf/content/security-advisories.html (original)
+++ websites/production/cxf/content/security-advisories.html Wed Dec 12 11:48:02 2012
@@ -136,7 +136,7 @@ Apache CXF -- Security Advisories
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><ul><li><a shape="rect" href="note-on-cve-2011-2487.html" title="Note on CVE-2011-2487">Note on CVE-2011-2487</a> - jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key.</li><li><a shape="rect" href="cve-2012-3451.html" title="CVE-2012-3451">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li><li><a shape="rect" href="cve-2012-2379.html" title="CVE-2012-2379">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html" title="CVE-2012-2378">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html" title="Note on CVE-2011-1096">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attac
k.</li><li><a shape="rect" href="cve-2012-0803.html" title="CVE-2012-0803">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul>
+<div id="ConfluenceContent"><ul><li><a shape="rect" href="note-on-cve-2011-2487.html" title="Note on CVE-2011-2487">Note on CVE-2011-2487</a> - Bleichenbacher attack against distributed symmetric key in WS-Security.</li><li><a shape="rect" href="cve-2012-3451.html" title="CVE-2012-3451">CVE-2012-3451</a> - Apache CXF is vulnerable to SOAP Action spoofing attacks on Document Literal web services.</li><li><a shape="rect" href="cve-2012-2379.html" title="CVE-2012-2379">CVE-2012-2379</a> - Apache CXF does not verify that elements were signed or encrypted by a particular Supporting Token.</li><li><a shape="rect" href="cve-2012-2378.html" title="CVE-2012-2378">CVE-2012-2378</a> - Apache CXF does not pick up some child policies of WS-SecurityPolicy 1.1 SupportingToken policy assertions on the client side.</li><li><a shape="rect" href="note-on-cve-2011-1096.html" title="Note on CVE-2011-1096">Note on CVE-2011-1096</a> - XML Encryption flaw / Character pattern encoding attack.</li><l
i><a shape="rect" href="cve-2012-0803.html" title="CVE-2012-0803">CVE-2012-0803</a> - Apache CXF does not validate UsernameToken policies correctly.</li><li><a shape="rect" class="external-link" href="http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf">CVE-2010-2076</a> - DTD based XML attacks.</li></ul>
</div>
</div>
<!-- Content -->