CVE-2013-2172 in GlassFish Server
Сводка (Английский)
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Резервировать
19.02.2013
Раскрытие
20.08.2013
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 10708 | Oracle GlassFish Server Metro слабое шифрование | 310 | Не определено | Официальное исправление | CVE-2013-2172 |