← back
CVE-2013-2172

CVE-2013-2172

EPSS 5.9%
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://rhn.redhat.com/errata/RHSA-2013-1207.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1208.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1209.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1217.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1218.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1219.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1220.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1375.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1437.htmlhttp://rhn.redhat.com/errata/RHSA-2013-1853.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0212.htmlhttp://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc