jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x prior to 1.4.8 and 1.5.x prior to 1.5.5 allows context-dependent malicious users to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache santuario xml security for java 1.5.1 |
||
apache santuario xml security for java 1.5.2 |
||
apache santuario xml security for java 1.5.4 |
||
apache santuario xml security for java 1.5.3 |
||
apache santuario xml security for java 1.4.7 |
||
apache santuario xml security for java 1.5.0 |