What does BZ-826534 / CVE-2012-2379 patch introduced in EAP 5.2.0 / SOA-P 5.3.1 really do?

Solution Verified - Updated -

Issue

  • The BZ-826534 / CVE-2012-2379 patch seems to just check WSDL and not fix the security hole reported as CVE-2012-2379 at all.
  • What does this patch introduced in EAP 5.2.0 / SOA-P 5.3.1 really do?

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.2.0
  • Red Hat JBoss SOA Platform (SOA-P)
    • 5.3.1
  • JBoss WS CXF stack
    • 3.1.2.SP13
