CVE-2013-2172 vulnerability in Apache Products
Published on August 20, 2013

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-2172

stack.watch emails you whenever new vulnerabilities are published in Apache Xml Security For Java or Apache Santuario Xml Security Java. Just hit a watch button to start following.

Apache Xml Security For Java

Apache Santuario Xml Security Java

Exploit Probability

EPSS

5.39%

Percentile

89.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-2172 vulnerability in Apache ProductsPublished on August 20, 2013

Products Associated with CVE-2013-2172

Exploit Probability

CVE-2013-2172 vulnerability in Apache Products
Published on August 20, 2013