Search criteria
12 vulnerabilities found for santuario_xml_security_for_java by apache
CVE-2023-44483 (GCVE-0-2023-44483)
Vulnerability from nvd – Published: 2023-10-20 09:23 – Updated: 2025-11-03 21:49
VLAI?
Title
Apache Santuario: Private Key disclosure in debug-log output
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Santuario |
Affected:
2.2 , < 2.2.6
(semver)
Affected: 2.3 , < 2.3.4 (semver) Affected: 3.0 , < 3.0.3 (semver) |
Credits
Apache Santuario would like to thank Max Fichtelmann for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:47.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:33:15.116438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:36:02.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Santuario",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.6",
"status": "affected",
"version": "2.2",
"versionType": "semver"
},
{
"lessThan": "2.3.4",
"status": "affected",
"version": "2.3",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u0026nbsp;Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\u003cbr\u003e"
}
],
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:25:12.008Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Santuario: Private Key disclosure in debug-log output",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-44483",
"datePublished": "2023-10-20T09:23:53.483Z",
"dateReserved": "2023-09-29T15:05:04.230Z",
"dateUpdated": "2025-11-03T21:49:47.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-40690 (GCVE-0-2021-40690)
Vulnerability from nvd – Published: 2021-09-19 00:00 – Updated: 2024-08-04 02:51
VLAI?
Title
Bypass of the secureValidation property
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Santuario |
Affected:
XML Security for Java , < 2.2.3,2.1.7
(custom)
|
Credits
An Trinh, Calif.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Santuario",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.3,2.1.7",
"status": "affected",
"version": "XML Security for Java",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "An Trinh, Calif."
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:19.359156",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass of the secureValidation property",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-40690",
"datePublished": "2021-09-19T00:00:00",
"dateReserved": "2021-09-08T00:00:00",
"dateUpdated": "2024-08-04T02:51:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12400 (GCVE-0-2019-12400)
Vulnerability from nvd – Published: 2019-08-23 20:30 – Updated: 2024-08-04 23:17
VLAI?
Summary
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Severity ?
No CVSS data available.
CWE
- Process Control
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Santuario - XML Security for Java |
Affected:
All 2.0.x releases from 2.0.3
Affected: all 2.1.x releases before 2.1.4. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Santuario - XML Security for Java",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "All 2.0.x releases from 2.0.3"
},
{
"status": "affected",
"version": "all 2.1.x releases before 2.1.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Process Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:20",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Santuario - XML Security for Java",
"version": {
"version_data": [
{
"version_value": "All 2.0.x releases from 2.0.3"
},
{
"version_value": "all 2.1.x releases before 2.1.4."
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12400",
"datePublished": "2019-08-23T20:30:33",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8152 (GCVE-0-2014-8152)
Vulnerability from nvd – Published: 2015-01-21 18:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"name": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8152",
"datePublished": "2015-01-21T18:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:51.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4517 (GCVE-0-2013-4517)
Vulnerability from nvd – Published: 2014-01-11 01:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1728",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1728",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1728",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"refsource": "OSVDB",
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"name": "https://www.tenable.com/security/tns-2018-15",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"name": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"name": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html",
"refsource": "CONFIRM",
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4517",
"datePublished": "2014-01-11T01:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2172 (GCVE-0-2013-2172)
Vulnerability from nvd – Published: 2013-08-20 22:00 – Updated: 2024-08-06 15:27
VLAI?
Summary
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html"
},
{
"name": "54019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "RHSA-2013:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "USN-2028-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2028-1"
},
{
"name": "RHSA-2013:1217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876\u0026r2=1493772\u0026pathrev=1493772\u0026diff_format=h"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html"
},
{
"name": "RHSA-2013:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"name": "RHSA-2013:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html"
},
{
"name": "60846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60846"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/94651"
},
{
"name": "DSA-3065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3065"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html"
},
{
"name": "54019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "RHSA-2013:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "USN-2028-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2028-1"
},
{
"name": "RHSA-2013:1217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876\u0026r2=1493772\u0026pathrev=1493772\u0026diff_format=h"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html"
},
{
"name": "RHSA-2013:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"name": "RHSA-2013:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html"
},
{
"name": "60846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60846"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/94651"
},
{
"name": "DSA-3065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3065"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2172",
"datePublished": "2013-08-20T22:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44483 (GCVE-0-2023-44483)
Vulnerability from cvelistv5 – Published: 2023-10-20 09:23 – Updated: 2025-11-03 21:49
VLAI?
Title
Apache Santuario: Private Key disclosure in debug-log output
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
Severity ?
No CVSS data available.
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Santuario |
Affected:
2.2 , < 2.2.6
(semver)
Affected: 2.3 , < 2.3.4 (semver) Affected: 3.0 , < 3.0.3 (semver) |
Credits
Apache Santuario would like to thank Max Fichtelmann for reporting this issue.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:47.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:33:15.116438Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:36:02.225Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Santuario",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.6",
"status": "affected",
"version": "2.2",
"versionType": "semver"
},
{
"lessThan": "2.3.4",
"status": "affected",
"version": "2.3",
"versionType": "semver"
},
{
"lessThan": "3.0.3",
"status": "affected",
"version": "3.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Apache Santuario would like to thank Max Fichtelmann for reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u0026nbsp;Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.\u003cbr\u003e"
}
],
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled.\u00a0Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T09:25:12.008Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/20/5"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Santuario: Private Key disclosure in debug-log output",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2023-44483",
"datePublished": "2023-10-20T09:23:53.483Z",
"dateReserved": "2023-09-29T15:05:04.230Z",
"dateUpdated": "2025-11-03T21:49:47.169Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-40690 (GCVE-0-2021-40690)
Vulnerability from cvelistv5 – Published: 2021-09-19 00:00 – Updated: 2024-08-04 02:51
VLAI?
Title
Bypass of the secureValidation property
Summary
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
Severity ?
No CVSS data available.
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Santuario |
Affected:
XML Security for Java , < 2.2.3,2.1.7
(custom)
|
Credits
An Trinh, Calif.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:51:06.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Santuario",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.2.3,2.1.7",
"status": "affected",
"version": "XML Security for Java",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "An Trinh, Calif."
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the \"secureValidation\" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-18T13:06:19.359156",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[tomee-commits] 20210922 [tomee] 02/02: Update xmlsec to 2.2.3 to mitigate CVE-2021-40690",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbdac116aef912b563da54f4c152222c0754e32fb2f785519ac5e059f%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Resolved] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re294cfc61f509512874ea514d8d64fd276253d54ac378ffa7a4880c8%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Created] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8a5c0ce9014bd07303aec1e5eed55951704878016465d3dae00e0c28%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Assigned] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r9c100d53c84d54cf71975e3f0cfcc2856a8846554a04c99390156ce4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20210923 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3b3f5ba9b0de8c9c125077b71af06026d344a709a8ba67db81ee9faa%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[poi-user] 20210923 Re: CVE-2021-40690 on xmlsec jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raf352f95c19c0c4051af3180752cb69acbea88d0d066ab176c6170e8%40%3Cuser.poi.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20210927 [SECURITY] [DLA 2767-1] libxml-security-java security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00015.html"
},
{
"name": "[cxf-issues] 20211027 [jira] [Created] (CXF-8613) High Security issues reported with Apache Santuario library bundled in CXF 3.4.4",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r401ecb7274794f040cd757b259ebe3e8c463ae74f7961209ccad3c59%40%3Cissues.cxf.apache.org%3E"
},
{
"name": "[tomee-commits] 20211028 [jira] [Updated] (TOMEE-3798) TomEE (8.0.8) is affected by CVE-2021-40690 vulnerability",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rbbbac0759b12472abd0c278d32b5e0867bb21934df8e14e5e641597c%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "DSA-5010",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5010"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass of the secureValidation property",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-40690",
"datePublished": "2021-09-19T00:00:00",
"dateReserved": "2021-09-08T00:00:00",
"dateUpdated": "2024-08-04T02:51:06.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12400 (GCVE-0-2019-12400)
Vulnerability from cvelistv5 – Published: 2019-08-23 20:30 – Updated: 2024-08-04 23:17
VLAI?
Summary
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.
Severity ?
No CVSS data available.
CWE
- Process Control
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache | Apache Santuario - XML Security for Java |
Affected:
All 2.0.x releases from 2.0.3
Affected: all 2.1.x releases before 2.1.4. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:17:40.035Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Santuario - XML Security for Java",
"vendor": "Apache",
"versions": [
{
"status": "affected",
"version": "All 2.0.x releases from 2.0.3"
},
{
"status": "affected",
"version": "all 2.1.x releases before 2.1.4."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Process Control",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-20T10:38:20",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce%40%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03%40%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2019-12400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Santuario - XML Security for Java",
"version": {
"version_data": [
{
"version_value": "All 2.0.x releases from 2.0.3"
},
{
"version_value": "all 2.1.x releases before 2.1.4."
}
]
}
}
]
},
"vendor_name": "Apache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Process Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[santuario-dev] 20190905 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8e814b925bf580bc527d96ff51e72ffe5bdeaa4b8bf5b89498cab24c@%3Cdev.santuario.apache.org%3E"
},
{
"name": "[santuario-dev] 20190906 Re: [CVE-2019-12400] Apache Santuario potentially loads XML parsing code from an untrusted source",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/edaa7edb9c58e5f5bd0c950f2b6232b62b15f5c44ad803e8728308ce@%3Cdev.santuario.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[tomee-commits] 20200324 [jira] [Created] (TOMEE-2791) TomEE plus(7.0.7) is affected by CVE-2019-12400 vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcdc0da94fe21b26493eae47ca987a290bdf90c721a7a42491fdd41d4@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf82be0a7c98cd3545e20817bb96ed05551ea0020acbaf9a469fef402@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r107bffb06a5e27457fe9af7dfe3a233d0d36c6c2f5122f117eb7f626@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2885) Update Apache XML Security for Java to mitigate CVE-2019-12400",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf958cea96236de8829940109ae07e870aa3d59235345421e4924ff03@%3Ccommits.tomee.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/CVE-2019-12400.asc?version=1\u0026modificationDate=1566573083000\u0026api=v2"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190910-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190910-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2019-12400",
"datePublished": "2019-08-23T20:30:33",
"dateReserved": "2019-05-28T00:00:00",
"dateUpdated": "2024-08-04T23:17:40.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8152 (GCVE-0-2014-8152)
Vulnerability from cvelistv5 – Published: 2015-01-21 18:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:51.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-01-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:17",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-8152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apache-santuario-cve20148152-sec-bypass(99993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99993"
},
{
"name": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc"
},
{
"name": "72115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72115"
},
{
"name": "1031556",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031556"
},
{
"name": "[oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q1/181"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-8152",
"datePublished": "2015-01-21T18:00:00",
"dateReserved": "2014-10-10T00:00:00",
"dateUpdated": "2024-08-06T13:10:51.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4517 (GCVE-0-2013-4517)
Vulnerability from cvelistv5 – Published: 2014-01-11 01:00 – Updated: 2024-08-06 16:45
VLAI?
Summary
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2014:1728",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2014:1728",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2014:1728",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1728.html"
},
{
"name": "RHSA-2014:1726",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1726.html"
},
{
"name": "RHSA-2014:0170",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0170.html"
},
{
"name": "RHSA-2015:0675",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
},
{
"name": "101169",
"refsource": "OSVDB",
"url": "http://osvdb.org/101169"
},
{
"name": "RHSA-2015:0850",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0850.html"
},
{
"name": "RHSA-2014:0195",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0195.html"
},
{
"name": "https://www.tenable.com/security/tns-2018-15",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2018-15"
},
{
"name": "santuario-xmlsecurity-cve20134517-dos(89891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89891"
},
{
"name": "RHSA-2014:1727",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1727.html"
},
{
"name": "RHSA-2015:0851",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0851.html"
},
{
"name": "20131218 Apache Santuario security advisory CVE-2013-4517 released",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/169"
},
{
"name": "1029524",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029524"
},
{
"name": "RHSA-2014:0172",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0172.html"
},
{
"name": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc",
"refsource": "CONFIRM",
"url": "http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc"
},
{
"name": "RHSA-2014:0171",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0171.html"
},
{
"name": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html",
"refsource": "CONFIRM",
"url": "http://packetstormsecurity.com/files/124554/Java-XML-Signature-Denial-Of-Service-Attack.html"
},
{
"name": "64437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64437"
},
{
"name": "RHSA-2014:1725",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1725.html"
},
{
"name": "55639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55639"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4517",
"datePublished": "2014-01-11T01:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2172 (GCVE-0-2013-2172)
Vulnerability from cvelistv5 – Published: 2013-08-20 22:00 – Updated: 2024-08-06 15:27
VLAI?
Summary
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2013:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html"
},
{
"name": "54019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/54019"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "RHSA-2013:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "USN-2028-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2028-1"
},
{
"name": "RHSA-2013:1217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876\u0026r2=1493772\u0026pathrev=1493772\u0026diff_format=h"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html"
},
{
"name": "RHSA-2013:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"name": "RHSA-2013:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html"
},
{
"name": "60846",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/60846"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/94651"
},
{
"name": "DSA-3065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-3065"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-06-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak \"canonicalization algorithm to apply to the SignedInfo part of the Signature.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-17T10:06:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2013:1219",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1219.html"
},
{
"name": "54019",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/54019"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "RHSA-2013:1218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1218.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc"
},
{
"name": "RHSA-2013:1209",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1209.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "USN-2028-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2028-1"
},
{
"name": "RHSA-2013:1217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1217.html"
},
{
"name": "RHSA-2013:1437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876\u0026r2=1493772\u0026pathrev=1493772\u0026diff_format=h"
},
{
"name": "RHSA-2013:1207",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1207.html"
},
{
"name": "RHSA-2013:1375",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1375.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "RHSA-2014:0212",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0212.html"
},
{
"name": "RHSA-2013:1853",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1853.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
},
{
"name": "RHSA-2013:1208",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1208.html"
},
{
"name": "RHSA-2013:1220",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1220.html"
},
{
"name": "60846",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/60846"
},
{
"name": "94651",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/94651"
},
{
"name": "DSA-3065",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-3065"
},
{
"name": "[santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E"
},
{
"name": "[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2172",
"datePublished": "2013-08-20T22:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}