Vulnerability in Apache Santuario_xml_security_for_java

CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod p…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.059 (92.3th percentile) — read the EPSS interpretation.

Affected products

Apache Santuario_xml_security_for_java — versions 1.4.7, 1.5.0, 1.5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (mailing-list, x_refsource_BUGTRAQ)
secalert@redhat.com (x_refsource_UBUNTU, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)