Lucene search
UbuntuUSN-2028-1HistoryNov 12, 2013 - 12:00 a.m.
Apache XML Security for Java vulnerability
2013-11-1200:00:00
ubuntu.com
33
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.1%
Releases
- Ubuntu 10.04
Packages
- libxml-security-java - implementation of security standards for XML
Details
James Forshaw discovered that Apache XML Security for Java incorrectly
validated CanonicalizationMethod parameters. An attacker could use this
flaw to spoof XML signatures.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 10.04 | noarch | libxml-security-java | <Β 1.4.3-2ubuntu0.1 | UNKNOWN |
References
Related
prion
prion
Code injection
2013-08-20 22:55:00
osv
osv
Inefficient Algorithmic Complexity in Apache Santuario XML Security
2022-05-13 01:05:56
libxml-security-java - security update
2014-11-06 00:00:00
debian
debian
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DLA 85-1] libxml-security-java security update
2014-11-09 16:34:59
nessus
nessus
RHEL 5 / 6 : xml-security in JBoss EWP (RHSA-2013:1219)
2014-06-28 00:00:00
Debian DSA-3065-1 : libxml-security-java - security update
2014-11-07 00:00:00
Ubuntu 10.04 LTS : libxml-security-java vulnerability (USN-2028-1)
2013-11-13 00:00:00
cve
cve
CVE-2013-2172
2013-08-20 22:55:04
ubuntucve
ubuntucve
CVE-2013-2172
2013-08-20 00:00:00
veracode
veracode
Spoofable XML Signature
2019-01-15 08:59:00
redhat
redhat
(RHSA-2013:1217) Moderate: xml-security security update
2013-09-09 00:00:00
(RHSA-2013:1219) Moderate: xml-security security update
2013-09-09 00:00:00
(RHSA-2013:1218) Moderate: xml-security security update
2013-09-09 16:49:26
ibm
ibm
openvas
openvas
Debian Security Advisory DSA 3065-1 (libxml-security-java - security update)
2014-11-06 00:00:00
Mageia: Security Advisory (MGASA-2014-0002)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3065-1)
2014-11-05 00:00:00
debiancve
debiancve
CVE-2013-2172
2013-08-20 22:55:04
mageia
mageia
Updated xml-security package fixes security vulnerability
2014-01-06 04:52:37
securityvulns
securityvulns
[USN-2028-1] Apache XML Security for Java vulnerability
2013-12-09 00:00:00
nvd
nvd
CVE-2013-2172
2013-08-20 22:55:04
github
github
Inefficient Algorithmic Complexity in Apache Santuario XML Security
2022-05-13 01:05:56
cvelist
cvelist
CVE-2013-2172
2013-08-20 22:00:00
seebug
seebug
Apache XML SecurityηΎεδΌͺι ζΌζ΄
2013-07-02 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.2 Medium
AI Score
Confidence
High
0.005 Low
EPSS
Percentile
76.1%
Related for USN-2028-1