jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
References
Link Providers
http://rhn.redhat.com/errata/RHSA-2013-1207.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1208.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1209.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1217.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1218.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1219.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1220.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1375.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1437.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2013-1853.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0212.html cve-icon cve-icon
http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc cve-icon cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Dec/23 cve-icon cve-icon
http://secunia.com/advisories/54019 cve-icon cve-icon
http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3065 cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html cve-icon cve-icon
http://www.osvdb.org/94651 cve-icon cve-icon
http://www.securityfocus.com/archive/1/534161/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/60846 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2028-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0012.html cve-icon cve-icon
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-2172 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-2172 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-08-20T22:00:00

Updated: 2024-08-06T15:27:41.140Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2172

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-08-20T22:55:04.093

Modified: 2024-11-21T01:51:10.880

Link: CVE-2013-2172

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-06-25T00:00:00Z

Links: CVE-2013-2172 - Bugzilla