CVE-2013-2172
Publication date 20 August 2013
Last updated 24 July 2024
Ubuntu priority
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Status
Package | Ubuntu Release | Status |
---|---|---|
libxml-security-java | ||
14.04 LTS trusty | Not in release | |
Patch details
Package | Patch details |
---|---|
libxml-security-java |
References
Related Ubuntu Security Notices (USN)
- USN-2028-1
- Apache XML Security for Java vulnerability
- 12 November 2013