CVE - CVE-2013-2172

CVE-ID
CVE-2013-2172	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://seclists.org/fulldisclosure/2014/Dec/23 MISC:20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities URL:http://www.securityfocus.com/archive/1/534161/100/0/threaded MISC:54019 URL:http://secunia.com/advisories/54019 MISC:60846 URL:http://www.securityfocus.com/bid/60846 MISC:94651 URL:~~http://www.osvdb.org/94651~~ (Obsolete source) MISC:DSA-3065 URL:http://www.debian.org/security/2014/dsa-3065 MISC:RHSA-2013:1207 URL:http://rhn.redhat.com/errata/RHSA-2013-1207.html MISC:RHSA-2013:1208 URL:http://rhn.redhat.com/errata/RHSA-2013-1208.html MISC:RHSA-2013:1209 URL:http://rhn.redhat.com/errata/RHSA-2013-1209.html MISC:RHSA-2013:1217 URL:http://rhn.redhat.com/errata/RHSA-2013-1217.html MISC:RHSA-2013:1218 URL:http://rhn.redhat.com/errata/RHSA-2013-1218.html MISC:RHSA-2013:1219 URL:http://rhn.redhat.com/errata/RHSA-2013-1219.html MISC:RHSA-2013:1220 URL:http://rhn.redhat.com/errata/RHSA-2013-1220.html MISC:RHSA-2013:1375 URL:http://rhn.redhat.com/errata/RHSA-2013-1375.html MISC:RHSA-2013:1437 URL:http://rhn.redhat.com/errata/RHSA-2013-1437.html MISC:RHSA-2013:1853 URL:http://rhn.redhat.com/errata/RHSA-2013-1853.html MISC:RHSA-2014:0212 URL:http://rhn.redhat.com/errata/RHSA-2014-0212.html MISC:USN-2028-1 URL:http://www.ubuntu.com/usn/USN-2028-1 MISC:[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html URL:https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E MISC:[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html URL:https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E MISC:http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc URL:http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc MISC:http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h URL:http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h MISC:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html URL:http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html MISC:http://www.vmware.com/security/advisories/VMSA-2014-0012.html URL:http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20130219	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20130219)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)