Apache Santuario XML Security is vulnerable to bypass attacks. Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows malicious users to remotely bypass the streaming XML signature protection mechanism. It does not affect versions 1.4.x or 1.5.x.
CPE | Name | Operator | Version |
---|---|---|---|
apache xml security for java | le | 2.0.2 |
santuario.apache.org/secadv.data/CVE-2014-8152.txt
santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
seclists.org/oss-sec/2015/q1/181
www.openwall.com/lists/oss-security/2015/01/19/2
www.securityfocus.com/bid/72115
www.securitytracker.com/id/1031556
exchange.xforce.ibmcloud.com/vulnerabilities/99993
lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E