CVE-2013-2172 - Vulnerability Details

Description

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

Published: 2013-08-20

Score: 4.3 Medium

EPSS: 5.4% Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:apache:santuario_xml_security_for_java:1.4.7:::::::*
	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.0:::::::*
	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.1:::::::*
	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.2:::::::*
	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.3:::::::*
	cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4:::::::*

Package	CPE	Advisory	Released Date
Fuse ESB Enterprise 7.1.0
	cpe:/a:redhat:fuse_esb_enterprise:7.1.0	RHSA-2014:1369	2014-10-09T00:00:00Z
Fuse Management Console 7.1.0
	cpe:/a:redhat:fuse_management_console:7.1.0	RHSA-2014:1369	2014-10-09T00:00:00Z
Fuse MQ Enterprise 7.1.0
	cpe:/a:redhat:fuse_mq_enterprise:7.1.0	RHSA-2014:1369	2014-10-09T00:00:00Z
JBEWP 5 for RHEL 5
xml-security-0:1.5.1-3_patch01.ep5.el5	cpe:/a:redhat:jboss_enterprise_web_platform:5::el5	RHSA-2013:1219	2013-09-09T00:00:00Z
JBEWP 5 for RHEL 6
xml-security-0:1.5.1-3_patch01.ep5.el6	cpe:/a:redhat:jboss_enterprise_web_platform:5::el6	RHSA-2013:1219	2013-09-09T00:00:00Z
JBoss Enterprise BRMS Platform 5.3
xmlsec	cpe:/a:redhat:jboss_enterprise_brms_platform:5.3	RHSA-2013:1375	2013-09-30T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5.2
	cpe:/a:redhat:jboss_enterprise_application_platform:5.2.0	RHSA-2013:1218	2013-09-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 4
xml-security-0:1.5.1-3_patch01.ep5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:5::el4	RHSA-2013:1217	2013-09-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 5
xml-security-0:1.5.1-3_patch01.ep5.el5	cpe:/a:redhat:jboss_enterprise_application_platform:5::el5	RHSA-2013:1217	2013-09-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 5 for RHEL 6
xml-security-0:1.5.1-3_patch01.ep5.el6	cpe:/a:redhat:jboss_enterprise_application_platform:5::el6	RHSA-2013:1217	2013-09-09T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.1
xmlsec	cpe:/a:redhat:jboss_enterprise_application_platform:6.1.1	RHSA-2013:1209	2013-09-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5
apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
hibernate4-0:4.2.0-11.SP1_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
httpd-0:2.2.22-25.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
infinispan-0:5.2.7-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-marshalling-0:1.3.18-2.GA_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossts-1:4.17.7-4.Final_redhat_4.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
netty-0:3.6.6-3.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
opensaml-0:2.5.1-2.redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
openws-0:1.4.2-10.redhat_4.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
wss4j-0:1.6.10-1.redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
xml-security-0:1.5.5-1.redhat_1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2013:1207	2013-09-04T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6
apache-commons-beanutils-0:1.8.3-12.redhat_3.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
apache-commons-daemon-jsvc-eap6-1:1.0.15-2.redhat_2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
apache-cxf-0:2.6.8-8.redhat_7.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
apache-cxf-xjc-utils-0:2.6.0-2.redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
hibernate4-0:4.2.0-7.SP1_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
hornetq-0:2.3.5-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
hornetq-native-0:2.3.5-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
httpd-0:2.2.22-25.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
infinispan-0:5.2.7-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
ironjacamar-0:1.0.19-1.Final_redhat_2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jaxbintros-0:1.0.2-16.GA_redhat_6.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-aesh-0:0.33.7-2.redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-appclient-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-bundles-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-cli-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-client-all-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-clustering-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-cmp-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-connector-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-console-0:1.5.6-2.Final_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-controller-client-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-core-0:7.2.1-6.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-deployment-repository-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-deployment-scanner-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-domain-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-domain-http-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-domain-management-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-ee-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-ee-deployment-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-ejb3-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-embedded-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-host-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jacorb-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-javadocs-0:7.2.1-2.Final_redhat_10.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jaxr-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jaxrs-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jdr-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jpa-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jsf-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-jsr77-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-logging-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-mail-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-management-client-content-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-messaging-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-modcluster-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-modules-eap-0:7.2.1-9.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-naming-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-network-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-osgi-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-osgi-configadmin-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-osgi-service-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-platform-mbean-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-pojo-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-process-controller-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-product-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-protocol-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-remoting-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-sar-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-security-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-server-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-standalone-0:7.2.1-6.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-system-jmx-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-threads-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-transactions-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-version-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-web-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-webservices-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossas-welcome-content-eap-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-weld-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-as-xts-0:7.2.1-5.Final_redhat_10.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-ejb-client-0:1.0.23-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-hal-0:1.5.7-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-invocation-0:1.1.2-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-jsp-api_2.2_spec-0:1.0.1-6.Final_redhat_2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-logmanager-0:1.4.3-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-marshalling-0:1.3.18-1.GA_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-modules-0:1.2.2-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-remote-naming-0:1.0.7-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-security-negotiation-0:2.2.5-2.Final_redhat_2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jboss-stdio-0:1.0.2-1.GA_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossts-1:4.17.7-4.Final_redhat_4.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossweb-0:7.2.2-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossws-common-0:2.1.3-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossws-cxf-0:4.1.4-7.Final_redhat_7.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jbossws-spi-0:2.1.3-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jcip-annotations-eap6-0:1.0-4.redhat_4.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
jgroups-1:3.2.10-1.Final_redhat_2.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
log4j-jboss-logmanager-0:1.0.2-1.Final_redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
netty-0:3.6.6-2.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
opensaml-0:2.5.1-2.redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
openws-0:1.4.2-10.redhat_4.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
picketbox-0:4.0.17-3.SP2_redhat_2.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
picketlink-federation-0:2.1.6.3-2.Final_redhat_2.2.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
wss4j-0:1.6.10-1.redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
xml-security-0:1.5.5-1.redhat_1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2013:1208	2013-09-04T00:00:00Z
Red Hat JBoss Fuse 6.1
	cpe:/a:redhat:jboss_fuse:6.1.0	RHSA-2014:0400	2014-04-14T00:00:00Z
Red Hat JBoss Operations Network 3.2
	cpe:/a:redhat:jboss_operations_network:3.2.0	RHSA-2013:1853	2013-12-17T00:00:00Z
Red Hat JBoss Portal Platform 6.1
xmlsec	cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.0	RHSA-2013:1437	2013-10-16T00:00:00Z
Red Hat JBoss SOA Platform 5.3
xmlsec	cpe:/a:redhat:jboss_enterprise_soa_platform:5.3	RHSA-2014:0212	2014-02-25T00:00:00Z
Red Hat JBoss Web Platform 5.2
	cpe:/a:redhat:jboss_enterprise_web_platform:5.2.0	RHSA-2013:1220	2013-09-09T00:00:00Z

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Debian DLA	DLA-85-1	libxml-security-java security update
Debian DSA	DSA-3065-1	libxml-security-java security update
EUVD	EUVD-2022-5065	jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Github GHSA	GHSA-r237-w2w6-jq3p	Inefficient Algorithmic Complexity in Apache Santuario XML Security
Ubuntu USN	USN-2028-1	Apache XML Security for Java vulnerability

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.05394.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1217.html
http://rhn.redhat.com/errata/RHSA-2013-1218.html
http://rhn.redhat.com/errata/RHSA-2013-1219.html
http://rhn.redhat.com/errata/RHSA-2013-1220.html
http://rhn.redhat.com/errata/RHSA-2013-1375.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1853.html
http://rhn.redhat.com/errata/RHSA-2014-0212.html
http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
http://seclists.org/fulldisclosure/2014/Dec/23
http://secunia.com/advisories/54019
http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h
http://www.debian.org/security/2014/dsa-3065
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.osvdb.org/94651
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.securityfocus.com/bid/60846
http://www.ubuntu.com/usn/USN-2028-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2013-2172
https://www.cve.org/CVERecord?id=CVE-2013-2172

History

No history.

Subscriptions

Apache Santuario Xml Security For Java

Redhat Fuse Esb Enterprise Fuse Management Console Fuse Mq Enterprise Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform Jboss Fuse Jboss Operations Network

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-08-20T22:00:00.000Z

Updated: 2024-08-06T15:27:41.140Z

Reserved: 2013-02-19T00:00:00.000Z

Link: CVE-2013-2172

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-08-20T22:55:04.093

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-2172

Redhat

Severity : Moderate

Publid Date: 2013-06-25T00:00:00Z

Links: CVE-2013-2172 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object