Vulnerability Description
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Santuario Xml Security For Java | 1.4.7 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1207.html
- http://rhn.redhat.com/errata/RHSA-2013-1208.html
- http://rhn.redhat.com/errata/RHSA-2013-1209.html
- http://rhn.redhat.com/errata/RHSA-2013-1217.html
- http://rhn.redhat.com/errata/RHSA-2013-1218.html
- http://rhn.redhat.com/errata/RHSA-2013-1219.html
- http://rhn.redhat.com/errata/RHSA-2013-1220.html
- http://rhn.redhat.com/errata/RHSA-2013-1375.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- http://rhn.redhat.com/errata/RHSA-2013-1853.html
- http://rhn.redhat.com/errata/RHSA-2014-0212.html
- http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.ascVendor Advisory
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/54019Vendor Advisory
- http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/srPatch
FAQ
What is CVE-2013-2172?
CVE-2013-2172 is a vulnerability with a CVSS score of 4.3 (MEDIUM). jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signatur...
How severe is CVE-2013-2172?
CVE-2013-2172 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2172?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Santuario Xml Security For Java.