CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.041

EPSS Ranking 88.0%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2013-2172

Apache » Santuario Xml Security For Java » Version: 1.4.7

cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7
Apache » Santuario Xml Security For Java » Version: 1.5.0

cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0
Apache » Santuario Xml Security For Java » Version: 1.5.1

cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1
Apache » Santuario Xml Security For Java » Version: 1.5.2

cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2
Apache » Santuario Xml Security For Java » Version: 1.5.3

cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3
Apache » Santuario Xml Security For Java » Version: 1.5.4

cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-2172

Products

Pricing

Contact Us