CVE-2013-2172

CVSS v2.0 4.3 (Medium)

EPSS 0.49 % (76^th)

Affected Products 1

Advisories 3

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Weaknesses

CWE-310: Cryptographic Issues

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2013-08-20 22:55:04
(11 years ago)
Updated Date: 2023-04-18 19:06:25
(17 months ago)

Affected Products

Apache

Santuario Xml Security For Java

Configuration #1

		CPE23	From	Up To
	Apache Santuario Xml Security for Java 1.4.7	cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7
	Apache Santuario Xml Security for Java 1.5.0	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0
	Apache Santuario Xml Security for Java 1.5.1	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1
	Apache Santuario Xml Security for Java 1.5.2	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2
	Apache Santuario Xml Security for Java 1.5.3	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3
	Apache Santuario Xml Security for Java 1.5.4	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4