CVE-2013-2172

2013-08-2022:55:04

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak “canonicalization algorithm to apply to the SignedInfo part of the Signature.”

OSVersionArchitecturePackageVersionFilename
Debian12alllibxml-security-java< 1.5.5-2libxml-security-java_1.5.5-2_all.deb
Debian11alllibxml-security-java< 1.5.5-2libxml-security-java_1.5.5-2_all.deb
Debian999alllibxml-security-java< 1.5.5-2libxml-security-java_1.5.5-2_all.deb
Debian13alllibxml-security-java< 1.5.5-2libxml-security-java_1.5.5-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libxml-security-java	< 1.5.5-2	libxml-security-java_1.5.5-2_all.deb
Debian	11	all	libxml-security-java	< 1.5.5-2	libxml-security-java_1.5.5-2_all.deb
Debian	999	all	libxml-security-java	< 1.5.5-2	libxml-security-java_1.5.5-2_all.deb
Debian	13	all	libxml-security-java	< 1.5.5-2	libxml-security-java_1.5.5-2_all.deb