James Forshaw discovered that Apache XML Security for Java incorrectly
validated CanonicalizationMethod parameters. An attacker could use this
flaw to spoof XML signatures.

OSVersionArchitecturePackageVersionFilename
Ubuntu10.04noarchlibxml-security-java< 1.4.3-2ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	10.04	noarch	libxml-security-java	< 1.4.3-2ubuntu0.1	UNKNOWN

References

ubuntu.com/security/CVE-2013-2172

nessus 10

prion 1

debian 3

osv 2

redhat 11

veracode 1

ubuntucve 1

cve 1

ibm 5

securityvulns 3

cvelist 1

seebug 1

openvas 5

github 1

mageia 1

debiancve 1

oracle 2

nessus

RHEL 5 / 6 : xml-security in JBoss EWP (RHSA-2013:1219)

2014-06-28 00:00:00

Debian DSA-3065-1 : libxml-security-java - security update

2014-11-07 00:00:00

RHEL 5 / 6 : xml-security (RHSA-2013:1217)

2013-09-10 00:00:00

prion

Code injection

2013-08-20 22:55:00

debian

[SECURITY] [DSA 3065-1] libxml-security-java security update

2014-11-06 08:45:42

[SECURITY] [DSA 3065-1] libxml-security-java security update

2014-11-06 08:46:04

[SECURITY] [DLA 85-1] libxml-security-java security update

2014-11-09 16:45:27

osv

Inefficient Algorithmic Complexity in Apache Santuario XML Security

2022-05-13 01:05:56

libxml-security-java - security update

2014-11-06 00:00:00

redhat

(RHSA-2013:1217) Moderate: xml-security security update

2013-09-09 00:00:00

(RHSA-2013:1219) Moderate: xml-security security update

2013-09-09 00:00:00

(RHSA-2013:1375) Moderate: Red Hat JBoss BRMS 5.3.1 update

2013-09-30 17:46:18

veracode

Spoofable XML Signature

2019-01-15 08:59:00

ubuntucve

CVE-2013-2172

2013-08-20 00:00:00

cve

CVE-2013-2172

2013-08-20 22:55:00

ibm

Security Bulletin: A Vulnerability in Apache Santuario affects IBM Cúram (CVE-2013-2172)

2018-11-07 15:35:01

Security Bulletin: IBM Sterling B2B Integrator vulnerable due to Apache Santuario XML Security for Java (CVE-2013-4517, CVE-2013-2172)

2022-10-14 21:43:17

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

2022-10-06 04:39:35

securityvulns

[USN-2028-1] Apache XML Security for Java vulnerability

2013-12-09 00:00:00

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

2013-12-09 00:00:00

Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities

2013-12-09 00:00:00

cvelist

CVE-2013-2172

2013-08-20 22:00:00

seebug

Apache XML Security签名伪造漏洞

2013-07-02 00:00:00

openvas

Debian: Security Advisory (DLA-85-1)

2023-03-08 00:00:00

Ubuntu: Security Advisory (USN-2028-1)

2022-08-26 00:00:00

Debian Security Advisory DSA 3065-1 (libxml-security-java - security update)

2014-11-06 00:00:00

github

Inefficient Algorithmic Complexity in Apache Santuario XML Security

2022-05-13 01:05:56

mageia

Updated xml-security package fixes security vulnerability

2014-01-06 04:52:37

debiancve

CVE-2013-2172

2013-08-20 22:55:00

oracle

Oracle Critical Patch Update - October 2013

2013-10-15 00:00:00

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

6.2 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for USN-2028-1