CVE-2012-3451: SOAPAction spoofing on document literal web services

September 24, 2012 (updated December 4, 2018)

This package allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.

References

cxf.apache.org/cve-2012-3451.html
svn.apache.org/viewvc?view=revision&revision=1368559
bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3451

Code Behaviors & Features

Detect and mitigate CVE-2012-3451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →