Veracode Vulnerability DatabaseVERACODE:3094

HistoryDec 08, 2016 - 5:23 a.m.

Bypass XML Signature Protection Mechanism

2016-12-0805:23:44

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Apache Santuario XML Security is vulnerable to bypass attacks. Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows malicious users to remotely bypass the streaming XML signature protection mechanism. It does not affect versions 1.4.x or 1.5.x.

CPENameOperatorVersion
apache xml security for javale2.0.2

CPE	Name	Operator	Version
	apache xml security for java	le	2.0.2

References

santuario.apache.org/secadv.data/CVE-2014-8152.txt

santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc

seclists.org/oss-sec/2015/q1/181

www.openwall.com/lists/oss-security/2015/01/19/2

www.securityfocus.com/bid/72115

www.securitytracker.com/id/1031556

exchange.xforce.ibmcloud.com/vulnerabilities/99993

lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E

lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:3094