214 matches found
CVE-2016-5003
The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element...
CVE-2016-5002
XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted DTD...
Apache XML Graphics FOP 2.1 Information Disclosure Vulnerability
Exploit for multiple platform in category remote exploits. CVE-2017-5661: Apache XML Graphics FOP information disclosure vulnerability. Severity: Medium. Vendor: The Apache Software Foundation. Versions Affected: FOP 1.0 - 2.1. Description: Files lying on the filesystem of the server which uses batik...
Apache XML-RPC Server-Side Denial of Service Vulnerability
Apache XML-RPC is a simple, lightweight set of specifications for RPC communication over the HTTP protocol. A denial of service vulnerability exists in Apache XML-RPC that allows remote attackers to cause a denial of service condition...
Apache XML-RPC Server-Side Request Forgery Vulnerability
Apache XML-RPC, from the Apache Software Foundation (United States), is a simple, lightweight set of specifications for RPC communication over the HTTP protocol. A server-side request forgery vulnerability exists in Apache XML-RPC that allows a remote attacker to construct a malicious URI, trick a...
PT-2016-3245 · Apache · Apache Xml-Rpc Library
Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3. Description: The issue is related to an XML external entity (XXE) vulnerability in the Apache XML-RPC library. This vulnerability allows remote attackers to conduct server-side request forgery (SSRF) attacks v...
MGASA-2014-0002 Updated xml-security package fixes security vulnerability
James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures (CVE-2013-2172)...
[USN-2028-1] Apache XML Security for Java vulnerability
Ubuntu Security Notice USN-2028-1, November 12, 2013: libxml-security-java vulnerability. A security issue affects these releases of Ubuntu and its...
USN-2028-1: Apache XML Security for Java vulnerability
James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures...
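Apache XML Security Signature Forgery Vulnerability
CVE ID: CVE-2013-2172. Apache XML Security is an implementation of digital signatures under the XML security standards. An XML signature contains a "CanonicalizationMethod" parameter that specifies the canonicalization algorithm to be applied to the SignedInfo part of the signature. However, the Apache Santuario XML Security for Java implementation of XML signatures allows an arbitrary algorithm to be specified for this parameter, which can be exploited to forge XML signatures. Apache XML Security Java 1.5.x; Apache XML Security Java 1.4.x...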
FreeBSD : apache-xml-security-c -- heap overflow during XPointer evaluation (81da673e-dfe1-11e2-9389-08002798f6ff)
The Apache Software Foundation reports: The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. ...
FreeBSD : apache-xml-security-c -- heap overflow (279e5f4b-d823-11e2-928e-08002798f6ff)
The Apache Software Foundation reports: A heap overflow exists in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. If verification of the signature occurs prior to actual evaluation of a signi...
Fedora Update for xml-security-c FEDORA-2011-9494
Check for the Version of xml-security-c. OpenVAS Vulnerability Test: Fedora Update for xml-security-c FEDORA-2011-9494. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Fedora Update for xml-security-c FEDORA-2011-9501
Check for the Version of xml-security-c. OpenVAS Vulnerability Test: Fedora Update for xml-security-c FEDORA-2011-9501. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
[SECURITY] Fedora 15 Update: xml-security-c-1.5.1-5.fc15
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
[SECURITY] Fedora 14 Update: xml-security-c-1.5.1-4.fc14
The xml-security-c library is a C++ implementation of the XML Digital Signature specification. The library makes use of the Apache XML project's Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms...
Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability (Windows)
This host is installed with Shibboleth and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbshibbolethxmldosvulnwin.nasl 7015 2017-08-28 11:51:24Z teissa $ Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability (Windows). Authors: Sooraj KS...
Shibboleth XML Security Signature Key Parsing Denial of Service Vulnerability - Windows
Shibboleth is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow...
DEBIAN-CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer overflow...