Thanks for the additional information. There is indeed an issue with the RPC case, which has now been fixed for the next releases (which are imminent).
Colm. On Fri, Mar 20, 2020 at 12:49 PM Tomasz Zorawik <[email protected]> wrote: > Here is my WSDL (simplified): > > <?xml version="1.0" encoding="UTF-8" standalone="no"?> > <wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"; > xmlns:tns="http://example.com/Example/"; > xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; name="Example" > targetNamespace="http://example.com/Example/";> > <wsdl:message name="Operation1Request" /> > <wsdl:message name="Operation1Response" /> > > <wsdl:message name="Operation2Request" /> > <wsdl:message name="Operation2Response" /> > > <wsdl:portType name="ExamplePortType"> > <wsdl:operation name="Operation1"> > <wsdl:input message="tns:Operation1Request"/> > <wsdl:output message="tns:Operation1Response"/> > </wsdl:operation> > <wsdl:operation name="Operation2"> > <wsdl:input message="tns:Operation2Request"/> > <wsdl:output message="tns:Operation2Response"/> > </wsdl:operation> > </wsdl:portType> > > <wsdl:binding name="ExampleBinding" type="tns:ExamplePortType"> > <soap:binding style="rpc" > transport="http://schemas.xmlsoap.org/soap/http"; /> > <wsdl:operation name="Operation1"> > <soap:operation > soapAction="http://example.com/Example/Operation1"; /> > <wsdl:input> > <soap:body use="literal" > namespace="http://example.com/Example/"; /> > </wsdl:input> > <wsdl:output> > <soap:body use="literal" > namespace="http://example.com/Example/"; /> > </wsdl:output> > </wsdl:operation> > <wsdl:operation name="Operation2"> > <soap:operation > soapAction="http://example.com/Example/Operation2"; /> > <wsdl:input> > <soap:body use="literal" > namespace="http://example.com/Example/"; /> > </wsdl:input> > <wsdl:output> > <soap:body use="literal" > namespace="http://example.com/Example/"; /> > </wsdl:output> > </wsdl:operation> > </wsdl:binding> > > <wsdl:service name="ExampleService"> > <wsdl:port binding="tns:ExampleBinding" name="ExamplePort"> > <soap:address location="http://www.example.org/"/> > </wsdl:port> > </wsdl:service> > </wsdl:definitions> > > I just now noticed that issue http://cxf.apache.org/cve-2012-3451.html > concerned Document Literal web services (where if I understand correctly > operation name in the SOAP message is lost) and my WSDL is RPC literal > style > (and operation name appears in the SOAP message). > > Tomasz > > > > -- > Sent from: http://cxf.547215.n5.nabble.com/cxf-user-f547216.html >
