CVE-2013-2153
Published Aug 20, 2013
Last updated a year ago
Overview
- Description
- The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6E08B80-1BD6-4EC2-93DF-AEAA536EDE0F",
"versionEndIncluding": "1.7.0"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CFD5684C-5B70-4CD3-89E7-0F3097958AAA"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED43C71F-52EF-4689-B318-58F61A851BA3"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEDB2652-EAAB-43B6-B696-3F959BA8FF44"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D49CBC6A-9D55-4DD0-B8DE-EA180ECDC65E"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9261A27B-0AAE-4E04-B86A-6580A5AF2338"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52CA39D1-4388-4D32-9731-A77A398AC7CF"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "121C098C-89AF-4BC2-976B-A4D6A67834DD"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C786580-77FE-4E7E-AA2E-39B976CD8C01"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BAC98AB-3D00-43C3-9DF1-39857DFD3A2A"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84C316AD-4D17-4286-9A63-300D04CD276B"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35"
},
{
"criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B2CEC20-1F70-4D95-8972-3163720BCC20"
}
],
"operator": "OR"
}
]
}
]