CVE-2013-2172
Published: 20 August 2013
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Priority
Status
| Package | Release | Status |
|---|---|---|
| libxml-security-java (Launchpad, Ubuntu, Debian) | lucid | Released (1.4.3-2ubuntu0.1) |
| | precise | Released (1.4.5-1+deb7u1build0.12.04.1) |
| | trusty | Does not exist (trusty was not-affected [1.5.5-2]) |
| | upstream | Released (1.4.8, 1.5.5) |
| | utopic | Not vulnerable (1.5.5-2) |
| | vivid | Not vulnerable (1.5.5-2) |

Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1493772