CVE-2013-2172

Published: 20/08/2013 Updated: 18/04/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x prior to 1.4.8 and 1.5.x prior to 1.5.5 allows context-dependent malicious users to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Vulnerable Products

apache santuario xml security for java 1.5.1

apache santuario xml security for java 1.5.2

apache santuario xml security for java 1.5.4

apache santuario xml security for java 1.5.3

apache santuario xml security for java 1.4.7

apache santuario xml security for java 1.5.0

Vendor Advisories

Apache XML Security for Java could be tricked into validating spoofed signatures ...
Debian Bug report logs - #720375 libxml-security-java: CVE-2013-2172 Package: libxml-security-java; Maintainer for libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libxml-security-java is src:libxml-security-java (PTS, buildd, popcon) Reported by: Salvatore Bonaccorso ...
Debian Bug report logs - #733938 libxml-security-java: CVE-2013-4517 Package: libxml-security-java; Maintainer for libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libxml-security-java is src:libxml-security-java (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff & ...
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. For the stable distribution (wheezy), this problem has been fixed in version 1.4.5-1+deb7u1. For the testing distr ...
Synopsis Moderate: xml-security security update Type/Severity Security Advisory: Moderate Topic An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has ...
Synopsis Moderate: xml-security security update Type/Severity Security Advisory: Moderate Topic An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Web Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red ...
Synopsis Moderate: Red Hat JBoss Enterprise Application Platform 6.1.1 update Type/Severity Security Advisory: Moderate Topic Red Hat JBoss Enterprise Application Platform 6.1.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red ...

References

CWE-310
http://www.osvdb.org/94651
http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
http://secunia.com/advisories/54019
http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h
http://rhn.redhat.com/errata/RHSA-2013-1217.html
http://rhn.redhat.com/errata/RHSA-2013-1218.html
http://rhn.redhat.com/errata/RHSA-2013-1220.html
http://rhn.redhat.com/errata/RHSA-2013-1219.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1375.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1853.html
http://rhn.redhat.com/errata/RHSA-2014-0212.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.debian.org/security/2014/dsa-3065
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.securityfocus.com/bid/60846
http://www.ubuntu.com/usn/USN-2028-1
http://www.securityfocus.com/archive/1/534161/100/0/threaded
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
https://usn.ubuntu.com/2028-1/
https://nvd.nist.gov