Xml Security For Java Apache Xml Security For Java

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Apache Xml Security For Java.

By the Year

In 2024 there have been 0 vulnerabilities in Apache Xml Security For Java . Xml Security For Java did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 1 7.50
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Xml Security For Java vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Xml Security For Java Security Vulnerabilities

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo

CVE-2021-40690 7.5 - High - September 19, 2021

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

Information Disclosure

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms

CVE-2013-4517 - January 11, 2014

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

Resource Management Errors

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5

CVE-2013-2172 - August 20, 2013

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Cryptographic Issues

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Santuario Xml Security Java or by Apache? Click the Watch button to subscribe.

Apache
Vendor

subscribe