Lucene search

[email protected]NVD:CVE-2013-2172

HistoryAug 20, 2013 - 10:55 p.m.

CVE-2013-2172

2013-08-2022:55:04

CWE-310

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

76.1%

JSON

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak “canonicalization algorithm to apply to the SignedInfo part of the Signature.”

Affected configurations

NVD

Node

apachesantuario_xml_security_for_javaMatch1.4.7

apachesantuario_xml_security_for_javaMatch1.5.0

apachesantuario_xml_security_for_javaMatch1.5.1

apachesantuario_xml_security_for_javaMatch1.5.2

apachesantuario_xml_security_for_javaMatch1.5.3

apachesantuario_xml_security_for_javaMatch1.5.4

References

rhn.redhat.com/errata/RHSA-2013-1207.html

rhn.redhat.com/errata/RHSA-2013-1208.html

rhn.redhat.com/errata/RHSA-2013-1209.html

rhn.redhat.com/errata/RHSA-2013-1217.html

rhn.redhat.com/errata/RHSA-2013-1218.html

rhn.redhat.com/errata/RHSA-2013-1219.html

rhn.redhat.com/errata/RHSA-2013-1220.html

rhn.redhat.com/errata/RHSA-2013-1375.html

rhn.redhat.com/errata/RHSA-2013-1437.html

rhn.redhat.com/errata/RHSA-2013-1853.html

rhn.redhat.com/errata/RHSA-2014-0212.html

santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/54019

svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h

www.debian.org/security/2014/dsa-3065

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.osvdb.org/94651

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/60846

www.ubuntu.com/usn/USN-2028-1

www.vmware.com/security/advisories/VMSA-2014-0012.html

lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E

lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E