Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Sep 2012 02:06:32 -0400 (EDT)
From: David Jorm <>
To: "oss-security " <>
Subject: CVE Request: Apache Axis2 XML Signature Wrapping Attack

Juraj Somorovsky and colleagues have described an XML Signature Wrapping (XSW) attack against a variety of platforms in a paper delivered at USENIX [0]. Various platforms are covered, including OpenSAML and Apache Axis2. OpenSAML is covered by CVE-2011-1411 [1], but I can't find a CVE ID for Axis2. Could one please be assigned? The OpenSAML CVE ID is 2011 because some vendors were given pre-notification of the issue in 2011. Since all the details were made public in 2012, I suggest assigning a 2012 CVE ID for Axis2.

David Jorm / Red Hat Security Response Team


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ