Lucene search
Gentoo FoundationMGASA-2014-0002HistoryJan 06, 2014 - 4:52 a.m.
Updated xml-security package fixes security vulnerability
2014-01-0604:52:37
Gentoo Foundation
advisories.mageia.org
6
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures (CVE-2013-2172).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 3 | noarch | xml-security | <Β 1.5.5-1 | xml-security-1.5.5-1.mga3 |
Related
nessus
nessus
RHEL 5 / 6 : xml-security in JBoss EWP (RHSA-2013:1219)
2014-06-28 00:00:00
Debian DSA-3065-1 : libxml-security-java - security update
2014-11-07 00:00:00
RHEL 5 / 6 : xml-security (RHSA-2013:1217)
2013-09-10 00:00:00
prion
prion
Code injection
2013-08-20 22:55:00
osv
osv
Inefficient Algorithmic Complexity in Apache Santuario XML Security
2022-05-13 01:05:56
libxml-security-java - security update
2014-11-06 00:00:00
debian
debian
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DSA 3065-1] libxml-security-java security update
2014-11-06 08:45:42
[SECURITY] [DLA 85-1] libxml-security-java security update
2014-11-09 16:34:59
redhat
redhat
(RHSA-2013:1217) Moderate: xml-security security update
2013-09-09 00:00:00
(RHSA-2013:1219) Moderate: xml-security security update
2013-09-09 00:00:00
(RHSA-2013:1375) Moderate: Red Hat JBoss BRMS 5.3.1 update
2013-09-30 17:46:18
ubuntucve
ubuntucve
CVE-2013-2172
2013-08-20 00:00:00
veracode
veracode
Spoofable XML Signature
2019-01-15 08:59:00
cve
cve
CVE-2013-2172
2013-08-20 22:55:00
ibm
ibm
seebug
seebug
Apache XML SecurityηΎεδΌͺι ζΌζ΄
2013-07-02 00:00:00
securityvulns
securityvulns
[USN-2028-1] Apache XML Security for Java vulnerability
2013-12-09 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2028-1)
2022-08-26 00:00:00
Debian: Security Advisory (DLA-85-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3065-1)
2014-11-05 00:00:00
github
github
Inefficient Algorithmic Complexity in Apache Santuario XML Security
2022-05-13 01:05:56
debiancve
debiancve
CVE-2013-2172
2013-08-20 22:55:00
ubuntu
ubuntu
Apache XML Security for Java vulnerability
2013-11-12 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2013
2013-10-15 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Related for MGASA-2014-0002