PT-2013-3566 · Apache · Apache Santuario Xml Security For C++

Publicado

2013-07-01

·

Atualizado

2021-09-17

·

CVE-2013-2155

CVSS v2.0

5.8

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions Apache Santuario XML Security for C++ versions prior to 1.7.1
Description The issue allows remote attackers to cause a denial of service or bypass a protection mechanism and spoof a signature via crafted length values to certain functions, including compareBase64StringToRaw, DSIGAlgorithmHandlerDefault, and DSIGAlgorithmHandlerDefault::verify.
Recommendations For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2013-2155
DSA-2710-1
MGASA-2013-0193

Produtos afetados

Apache Santuario Xml Security For C++