4.3

CVE-2013-2172

EPSS 5.45%
Veröffentlicht 20.08.2013 22:55:04
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 27

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Santuario Xml Security For Java Version1.4.7

Apache ≫ Santuario Xml Security For Java Version1.5.0

Apache ≫ Santuario Xml Security For Java Version1.5.1

Apache ≫ Santuario Xml Security For Java Version1.5.2

Apache ≫ Santuario Xml Security For Java Version1.5.3

Apache ≫ Santuario Xml Security For Java Version1.5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.45%	0.897

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-1853.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://rhn.redhat.com/errata/RHSA-2013-1207.html

http://rhn.redhat.com/errata/RHSA-2013-1208.html

http://rhn.redhat.com/errata/RHSA-2013-1209.html

http://rhn.redhat.com/errata/RHSA-2013-1217.html

http://rhn.redhat.com/errata/RHSA-2013-1218.html

http://rhn.redhat.com/errata/RHSA-2013-1219.html

http://rhn.redhat.com/errata/RHSA-2013-1220.html

http://rhn.redhat.com/errata/RHSA-2013-1375.html

http://rhn.redhat.com/errata/RHSA-2014-0212.html

http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

Vendor Advisory

http://secunia.com/advisories/54019

Vendor Advisory

http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h

Patch

http://www.debian.org/security/2014/dsa-3065

http://www.osvdb.org/94651

http://www.securityfocus.com/bid/60846

http://www.ubuntu.com/usn/USN-2028-1

https://nvd.nist.gov/vuln/detail/CVE-2013-2172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2172

EUVD