CVE-2013-2155

Published Aug 20, 2013

Last updated a year ago

Overview

Description: Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6E08B80-1BD6-4EC2-93DF-AEAA536EDE0F",
            "versionEndIncluding": "1.7.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFD5684C-5B70-4CD3-89E7-0F3097958AAA"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED43C71F-52EF-4689-B318-58F61A851BA3"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEDB2652-EAAB-43B6-B696-3F959BA8FF44"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D49CBC6A-9D55-4DD0-B8DE-EA180ECDC65E"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9261A27B-0AAE-4E04-B86A-6580A5AF2338"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52CA39D1-4388-4D32-9731-A77A398AC7CF"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "121C098C-89AF-4BC2-976B-A4D6A67834DD"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C786580-77FE-4E7E-AA2E-39B976CD8C01"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BAC98AB-3D00-43C3-9DF1-39857DFD3A2A"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84C316AD-4D17-4286-9A63-300D04CD276B"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D0DC1ED-A147-44FA-9A4D-364B98921C35"
          },
          {
            "criteria": "cpe:2.3:a:apache:xml_security_for_c\\+\\+:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B2CEC20-1F70-4D95-8972-3163720BCC20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References