CVE-2013-2172 (retired)

Priority
Description
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache
Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5
allows context-dependent attackers to spoof an XML Signature by using the
CanonicalizationMethod parameter to specify an arbitrary weak
"canonicalization algorithm to apply to the SignedInfo part of the
Signature."
Assigned-to
mdeslaur
Notes
Package
Upstream:released (1.4.8, 1.5.5)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1493772
More Information

Updated: 2019-10-09 07:47:03 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)