CVE-2013-2172

medium

Apache

CVSS v3 Base Score

4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Score

5.4%

Exploitation probability in 30 days

Top 10% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

None

Integrity

Availability

None

Published: August 20, 2013 (4650 days ago)

Last Modified: April 29, 2026

Vendor: Apache

Source: NVD

Description

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

CWE

CWE-310

Affected Products

apache santuario xml security for java

References

🔗 rhn.redhat.com 🔗 rhn.redhat.com 🔗 rhn.redhat.com 🔗 rhn.redhat.com 🔗 rhn.redhat.com

CVE-2013-2172

Vulnerability Report

Description

CWE

Affected Products

References