CVE-2013-2172

2013-08-2000:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache
Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5
allows context-dependent attackers to spoof an XML Signature by using the
CanonicalizationMethod parameter to specify an arbitrary weak
“canonicalization algorithm to apply to the SignedInfo part of the
Signature.”

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlibxml-security-java< 1.4.3-2ubuntu0.1UNKNOWN
ubuntu12.04noarchlibxml-security-java< 1.4.5-1+deb7u1build0.12.04.1UNKNOWN