oss-sec mailing list archives

CVE Request: Apache Axis2 XML Signature Wrapping Attack


From: David Jorm <djorm () redhat com>
Date: Wed, 12 Sep 2012 02:06:32 -0400 (EDT)

Juraj Somorovsky and colleagues have described an XML Signature Wrapping (XSW) attack against a variety of platforms in 
a paper delivered at USENIX [0]. Various platforms are covered, including OpenSAML and Apache Axis2. OpenSAML is 
covered by CVE-2011-1411 [1], but I can't find a CVE ID for Axis2. Could one please be assigned? The OpenSAML CVE ID is 
2011 because some vendors were given pre-notification of the issue in 2011. Since all the details were made public in 
2012, I suggest assigning a 2012 CVE ID for Axis2.

Thanks
-- 
David Jorm / Red Hat Security Response Team

[0] http://www.nds.rub.de/media/nds/veroeffentlichungen/2012/08/22/BreakingSAML_3.pdf
[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1411

