CVE-2013-2172
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 an
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature.".
MEDIUM · CVSS 4.3
EPSS 0.03643
Monitor
- No active-exploitation, high-EPSS, or public-exploit signals - routine patching cadence
Sigma rules0
YARA rules0