QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2172

Published: Aug 20, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_SECUNIA

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

mailing-list

x_refsource_FULLDISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

vendor-advisory

x_refsource_DEBIAN

[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html

mailing-list

x_refsource_MLIST

[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.