Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2013-2172 | First vendor Publication | 2013-08-20 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:19833 | |||
| Oval ID: | oval:org.mitre.oval:def:19833 | ||
| Title: | USN-2028-1 -- libxml-security-java vulnerability | ||
| Description: | Apache XML Security for Java could be tricked into validating spoofed signatures. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-2028-1 CVE-2013-2172 | Version: | 5 |
| Platform(s): | Ubuntu 10.04 | Product(s): | libxml-security-java |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:28055 | |||
| Oval ID: | oval:org.mitre.oval:def:28055 | ||
| Title: | DSA-3065-1 -- libxml-security-java security update | ||
| Description: | James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-3065-1 CVE-2013-2172 | Version: | 3 |
| Platform(s): | Debian GNU/Linux 7.0 Debian GNU/kFreeBSD 7.0 | Product(s): | libxml-security-java |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2014-12-11 | IAVM : 2014-B-0162 - VMware vCenter Server 5.1 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0057685 |
| 2014-12-11 | IAVM : 2014-B-0159 - VMware vCenter Server Appliance 5.1 Cross-site Scripting Vulnerability Severity : Category II - VMSKEY : V0057687 |
| 2014-12-11 | IAVM : 2014-A-0191 - VMware vCenter Server 5.0 Certificate Validation Vulnerability Severity : Category I - VMSKEY : V0057699 |
| 2014-12-11 | IAVM : 2014-B-0161 - Multiple Vulnerabilities in VMware ESXi 5.1 Severity : Category I - VMSKEY : V0057717 |
| 2013-10-17 | IAVM : 2013-A-0199 - Multiple Vulnerabilities in Oracle Fusion Middleware Severity : Category I - VMSKEY : V0040786 |
| 2013-09-12 | IAVM : 2013-A-0177 - Multiple Vulnerabilities in Red Hat JBoss Enterprise Application Platform Severity : Category I - VMSKEY : V0040288 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-12-30 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012_remote.nasl - Type : ACT_GATHER_INFO |
| 2015-03-26 | Name : The remote Debian host is missing a security update. File : debian_DLA-85.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has a virtualization management application installed that is... File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has an update manager installed that is affected by multiple ... File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote host has a virtualization appliance installed that is affected by ... File : vmware_vcenter_server_appliance_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-12-12 | Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities. File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO |
| 2014-12-06 | Name : The remote VMware ESXi host is missing a security-related patch. File : vmware_VMSA-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-11-26 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2014-0012.nasl - Type : ACT_GATHER_INFO |
| 2014-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3065.nasl - Type : ACT_GATHER_INFO |
| 2014-06-28 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1219.nasl - Type : ACT_GATHER_INFO |
| 2014-01-31 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1437.nasl - Type : ACT_GATHER_INFO |
| 2014-01-31 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1209.nasl - Type : ACT_GATHER_INFO |
| 2013-11-13 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2028-1.nasl - Type : ACT_GATHER_INFO |
| 2013-10-17 | Name : The remote web server is affected by multiple vulnerabilities. File : glassfish_cpu_oct_2013.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1208.nasl - Type : ACT_GATHER_INFO |
| 2013-09-13 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-1207.nasl - Type : ACT_GATHER_INFO |
| 2013-09-10 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2013-1217.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 12:34:40 |
|
| 2023-04-19 00:27:36 |
|
| 2023-02-13 09:28:24 |
|
| 2021-09-17 17:23:17 |
|
| 2021-05-04 12:24:57 |
|
| 2021-04-22 01:29:53 |
|
| 2020-05-23 00:36:54 |
|
| 2019-08-27 12:05:33 |
|
| 2018-10-10 00:19:45 |
|
| 2018-01-09 13:22:57 |
|
| 2016-11-29 00:24:49 |
|
| 2016-06-28 19:28:30 |
|
| 2016-04-26 23:05:34 |
|
| 2015-03-27 13:27:55 |
|
| 2014-12-12 09:22:34 |
|
| 2014-12-03 09:26:35 |
|
| 2014-11-08 13:30:47 |
|
| 2014-07-18 09:21:45 |
|
| 2014-06-29 13:26:49 |
|
| 2014-03-06 13:22:14 |
|
| 2014-02-17 11:19:07 |
|
| 2014-01-14 13:20:23 |
|
| 2013-11-11 12:40:23 |
|
| 2013-10-31 13:20:05 |
|
| 2013-10-11 13:26:08 |
|
| 2013-10-01 17:19:36 |
|
| 2013-09-12 13:20:12 |
|
| 2013-08-21 21:19:11 |
|
| 2013-08-21 13:19:00 |
|
