What does BZ-826534 / CVE-2012-2379 patch introduced in EAP 5.2.0 / SOA-P 5.3.1 really do?
Issue
- The BZ-826534 / CVE-2012-2379 patch seems to just check WSDL and not fix the security hole reported as CVE-2012-2379 at all.
- What does this patch introduced in EAP 5.2.0 / SOA-P 5.3.1 really do?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 5.2.0
- Red Hat JBoss SOA Platform (SOA-P)
- 5.3.1
- JBoss WS CXF stack
- 3.1.2.SP13
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.