CVE-2015-3931

EPSS 2.12%
Veröffentlicht 21.07.2017 14:29:00
Zuletzt bearbeitet 13.05.2026 00:24:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsec ≫ E-szigno Version <= 3.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.12%	0.795

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

http://packetstormsecurity.com/files/132473/Microsec-e-Szigno-Netlock-Mokka-XML-Signature-Wrapping.html

Third Party Advisory

VDB Entry

http://www.neih.gov.hu/?q=node/66

Third Party Advisory

http://www.securityfocus.com/bid/75487

Third Party Advisory

VDB Entry

https://e-szigno.hu/letoltesek/programok-driverek.html

Vendor Advisory

https://www.search-lab.hu/about-us/news/107-37-million-digitally-signed-documents-had-to-be-reverified

Third Party Advisory

https://www.search-lab.hu/eakta

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3931

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3931

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3931

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2015-3931