Lucene search
K

19 matches found

OpenVAS
OpenVAS
added 2023/03/08 12:0 a.m.13 views

Debian: Security Advisory (DLA-85-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.6AI score0.0593EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/10/06 4:39 a.m.42 views

Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)

Summary Apache XML Security for Java is shipped with IBM Tivoli Business Manager 6.2.0 as part of its XML security infrastructure. Information about security vulnerabilities affecting Apache XML Security for Javahas been published in a security bulletin. Vulnerability Details CVEID:CVE-2013-4517...

7.5CVSS7.3AI score0.10448EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2022/05/13 1:5 a.m.5 views

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)

org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.0, =ec2-2013-02-01 and more Source cves: CVE-2013-2172 Source advisory: OSV:GHSA-R237-W2W6-JQ3P...

4.3CVSS6.7AI score0.0593EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/05/13 1:5 a.m.5 views

br.net.woodstock.rockframework:rockframework-core (=1.2.4), br.net.woodstock.rockframework:rockframework-web (>=1.2.1 <=3.0.1) +462 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.4.2 <=1.4.6)

org.apache.santuario:xmlsec MAVEN version =1.4.2, =1.2.1, =0.1.14, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.112-RELEASE - com.ahome-it:ahome-tooling-server-vaadin-core =1.0.112-RELEASE and more Source cves: CVE-2013-2172...

4.3CVSS7.1AI score0.0593EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2014-0002)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS7.5AI score0.0593EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.38 views

Debian DLA-85-1 : libxml-security-java security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. NOTE: Tenable Network Security has extracted the preceding...

4.3CVSS7.7AI score0.0593EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2014/11/07 12:0 a.m.36 views

Debian DSA-3065-1 : libxml-security-java - security update

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

4.3CVSS7.7AI score0.0593EPSS
Exploits1References4
Debian
Debian
added 2014/11/06 8:45 a.m.26 views

[SECURITY] [DSA 3065-1] libxml-security-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3065-1 [email protected] http://www.debian.org/security/ Sebastien Delafond November 06, 2014 http://www.debian.org/security/faq -...

4.3CVSS2.3AI score0.0593EPSS
Exploits1
Debian
Debian
added 2014/11/06 8:45 a.m.32 views

[SECURITY] [DSA 3065-1] libxml-security-java security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3065-1 [email protected] http://www.debian.org/security/ Sebastien Delafond November 06, 2014 http://www.debian.org/security/faq -...

4.3CVSS6.2AI score0.0593EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/06/28 12:0 a.m.28 views

RHEL 5 / 6 : xml-security in JBoss EWP (RHSA-2013:1219)

An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Web Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS bas...

4.3CVSS7.3AI score0.0593EPSS
Exploits1References4
Mageia
Mageia
added 2014/01/06 12:52 a.m.36 views

Updated xml-security package fixes security vulnerability

James Forshaw discovered that Apache XML Security for Java incorrectly validated CanonicalizationMethod parameters. An attacker could use this flaw to spoof XML signatures CVE-2013-2172...

4.3CVSS3.2AI score0.0593EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/09/13 12:0 a.m.52 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.1.1 update (Moderate) (RHSA-2013:1208)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1208 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves...

6.1CVSS7.7AI score0.29484EPSS
Exploits7References33
Tenable Nessus
Tenable Nessus
added 2013/09/10 12:0 a.m.32 views

RHEL 5 / 6 : xml-security (RHSA-2013:1217)

An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

4.3CVSS7.3AI score0.0593EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/09/09 4:51 p.m.7 views

Moderate: Red Hat Security Advisory: xml-security security update

An update for Red Hat JBoss Web Platform 5.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detaile...

4.3CVSS7.1AI score0.0593EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/09/09 4:50 p.m.37 views

Moderate: Red Hat Security Advisory: xml-security security update

An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

4.3CVSS7AI score0.0593EPSS
Exploits1References3
OSV
OSV
added 2013/08/20 10:55 p.m.9 views

CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization...

4.3CVSS6.1AI score0.0593EPSS
Exploits1References24
CVE
CVE
added 2013/08/20 10:0 p.m.119 views

CVE-2013-2172

CVE-2013-2172 affects Apache Santuario XML Security for Java (1.4.x &lt; 1.4.8; 1.5.x

4.3CVSS5.9AI score0.0593EPSS
Exploits1References24Affected Software1
UbuntuCve
UbuntuCve
added 2013/08/20 12:0 a.m.21 views

CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization...

4.3CVSS7.2AI score0.0593EPSS
Exploits1References4
seebug.org
seebug.org
added 2013/07/02 12:0 a.m.58 views

Apache XML Security签名伪造漏洞

CVE ID:CVE-2013-2172 Apache XML Security是一个XML安全标准下的数字签名实现 XML签名包含一个"CanonicalizationMethod"参数用于指定应用于签名的SignedInfo部分所需的规范化算法canonicalization algorithm。而实际是XML签名的Apache Santuario XML Security for Java实现允许把任意算法指定给此参数,可被利用对XML签名进行伪造攻击 0 Apache XML Security Java 1.5.x Apache XML Security Java 1.4.x...

4.3CVSS0.4AI score0.0593EPSS
Exploits1
Rows per page
Query Builder