
CVE-2023-44483

Published: 20/10/2023 Updated: 27/10/2023
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

All versions of Apache Santuario - XML Security for Java before 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.

Vulnerable Product

apache santuario xml security for java

Vendor Advisories

Debian Bug report logs - #1059313: libxml-security-java: CVE-2023-44483. Package: src:libxml-security-java; Maintainer for src:libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>; Date: Fri, 22 Dec 2023 13:42:02 UTC; Severity: im ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for R ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for R ...
Synopsis: Moderate: Red Hat JBoss Enterprise Application Platform 7.4.15 Security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ( ...
Synopsis: Important: Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 release (RHBQ 3.2.10.Final). Type/Severity: Security Advisory: Important. Topic: An update for Red Hat Build of Apache Camel 4.0 for Quarkus 3.2 is now available (updates to RHBQ 3.2.10.Final). Red Hat Product Security has rated this update as having a security impact of Importa ...

Github Repositories

Small wrapper around XMLDsig stuff

ph-xmldsig

Small wrapper around XMLDsig stuff using Apache Santuario.

Maven usage

Add the following to your pom.xml to use this artifact, replacing x.y.z with the effective version number:

    <dependency>
      <groupId>com.helger</groupId>
      <artifactId>ph-xmldsig</artifactId>
      <version>x.y.z<