CVE-2013-2172
CVE-2013-2172 is a vulnerability of currently unknown severity. jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." EPSS estimates a 5.93% chance of exploitation in the next 30 days.
Description
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Santuario XML Security for Java | 1.4.7 |
| Apache | Santuario XML Security for Java | 1.5.0 |
| Apache | Santuario XML Security for Java | 1.5.1 |
| Apache | Santuario XML Security for Java | 1.5.2 |
| Apache | Santuario XML Security for Java | 1.5.3 |
| Apache | Santuario XML Security for Java | 1.5.4 |
References
- http://secunia.com/advisories/54019 (Vendor Advisory)
Source: NVD / NIST
