4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
54.6%
Apache Santuario implements the XML Signature Syntax and Processing and XML
Encryption Syntax and Processing standards.
A flaw was found in the way Apache Santuario XML Security for Java
validated XML signatures. Santuario allowed a signature to specify an
arbitrary canonicalization algorithm, which would be applied to the
SignedInfo XML fragment. A remote attacker could exploit this to spoof an
XML signature via a specially-crafted XML signature block. (CVE-2013-2172)
Warning: Before applying this update, back up your existing Red Hat JBoss
Web Platform installation (including all applications and configuration
files).
All users of Red Hat JBoss Web Platform 5.2.0 on Red Hat Enterprise Linux
4, 5, and 6 are advised to upgrade to this updated package. The JBoss
server process must be restarted for the update to take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | src | xml-security | <Β 1.5.1-3_patch01.ep5.el5 | xml-security-1.5.1-3_patch01.ep5.el5.src.rpm |
RedHat | 6 | src | xml-security | <Β 1.5.1-3_patch01.ep5.el6 | xml-security-1.5.1-3_patch01.ep5.el6.src.rpm |
RedHat | 5 | noarch | xml-security | <Β 1.5.1-3_patch01.ep5.el5 | xml-security-1.5.1-3_patch01.ep5.el5.noarch.rpm |
RedHat | 6 | noarch | xml-security | <Β 1.5.1-3_patch01.ep5.el6 | xml-security-1.5.1-3_patch01.ep5.el6.noarch.rpm |