4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
54.6%
Apache Santuario implements the XML Signature Syntax and Processing and XML
Encryption Syntax and Processing standards.
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially-crafted XML signature block. (CVE-2013-2172)
Warning: Before applying this update, back up your existing Red Hat JBoss
Enterprise Application Platform installation (including all applications
and configuration files).
All users of Red Hat JBoss Enterprise Application Platform 5.2.0 on Red Hat
Enterprise Linux 4, 5, and 6 are advised to upgrade to this updated
package. The JBoss server process must be restarted for the update to take
effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | src | xml-security | <Β 1.5.1-3_patch01.ep5.el5 | xml-security-1.5.1-3_patch01.ep5.el5.src.rpm |
RedHat | 6 | src | xml-security | <Β 1.5.1-3_patch01.ep5.el6 | xml-security-1.5.1-3_patch01.ep5.el6.src.rpm |
RedHat | 5 | noarch | xml-security | <Β 1.5.1-3_patch01.ep5.el5 | xml-security-1.5.1-3_patch01.ep5.el5.noarch.rpm |
RedHat | 6 | noarch | xml-security | <Β 1.5.1-3_patch01.ep5.el6 | xml-security-1.5.1-3_patch01.ep5.el6.noarch.rpm |