Moderate severityNVD Advisory· Published Oct 9, 2012· Updated Apr 29, 2026
CVE-2012-4418
CVE-2012-4418
Description
Apache Axis2 allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.axis2:axis2Maven | < 1.7.9 | 1.7.9 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
10- www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdfnvdExploitWEB
- github.com/advisories/GHSA-88r4-38gc-97p4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-4418ghsaADVISORY
- www.openwall.com/lists/oss-security/2012/09/12/1nvdWEB
- www.openwall.com/lists/oss-security/2012/09/13/1nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- issues.apache.org/jira/browse/AXIS2-5930ghsaWEB
- issues.apache.org/jira/browse/AXIS2C-1694ghsaWEB
- web.archive.org/web/20121114075457/http://www.securityfocus.com/bid/55508ghsaWEB
- www.securityfocus.com/bid/55508nvd
News mentions
0No linked articles in our index yet.