4.3

CVE-2013-2172

EPSS 5.45%
Published 20.08.2013 22:55:04
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Affected products Warnungen 0 Metrics 2 CWE 0 References 27

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Santuario Xml Security For Java Version1.4.7

Apache ≫ Santuario Xml Security For Java Version1.5.0

Apache ≫ Santuario Xml Security For Java Version1.5.1

Apache ≫ Santuario Xml Security For Java Version1.5.2

Apache ≫ Santuario Xml Security For Java Version1.5.3

Apache ≫ Santuario Xml Security For Java Version1.5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	5.45%	0.897

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-1853.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1217.html

http://rhn.redhat.com/errata/RHSA-2013-1218.html

http://rhn.redhat.com/errata/RHSA-2013-1219.html

http://rhn.redhat.com/errata/RHSA-2013-1220.html

http://rhn.redhat.com/errata/RHSA-2013-1375.html

http://rhn.redhat.com/errata/RHSA-2014-0212.html

http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

Vendor Advisory

http://secunia.com/advisories/54019

Vendor Advisory

http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h

Patch

http://www.debian.org/security/2014/dsa-3065

http://www.osvdb.org/94651

http://www.securityfocus.com/bid/60846

http://www.ubuntu.com/usn/USN-2028-1

https://nvd.nist.gov/vuln/detail/CVE-2013-2172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2172

EUVD