5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Apache Santuario XML Security is vulnerable to bypass attacks. Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows malicious users to remotely bypass the streaming XML signature protection mechanism. It does not affect versions 1.4.x or 1.5.x.
CPE | Name | Operator | Version |
---|---|---|---|
apache xml security for java | le | 2.0.2 |
santuario.apache.org/secadv.data/CVE-2014-8152.txt
santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
seclists.org/oss-sec/2015/q1/181
www.openwall.com/lists/oss-security/2015/01/19/2
www.securityfocus.com/bid/72115
www.securitytracker.com/id/1031556
exchange.xforce.ibmcloud.com/vulnerabilities/99993
lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E