CVE-2013-2172
Published Aug 20, 2013
Last updated 2 years ago
Overview
- Description
- jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB7492B-1D95-48D0-9892-C8A47FD15414"
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D8837A5-0840-44D3-BD7D-335611BDF64D"
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD0057FF-4F75-4F35-BD15-1093D22AFE04"
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C65E4B50-5F5C-4F04-8CF8-4D1CCA2BF427"
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5889CDAF-4F5A-42D9-A6CE-7F7A4222ECB4"
},
{
"criteria": "cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDD00EBA-1B65-4245-9A3D-D389830450BB"
}
],
"operator": "OR"
}
]
}
]