Apache Software Foundation Santuario XML Security for Java 1.5.4

CPE Details

Apache Software Foundation Santuario XML Security for Java 1.5.4
apache
santuario_xml_security_for_java
1.5.4
2020-01-14
18h40 +00:00
2023-04-18
17h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:apache:santuario_xml_security_for_java:1.5.4:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

santuario_xml_security_for_java

Version

1.5.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-44483 2023-10-20 09h23 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5
Medium
CVE-2021-40690 2021-09-18 22h00 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5
High
CVE-2013-4517 2014-01-11 00h00 +00:00 Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
4.3
CVE-2013-2172 2013-08-20 20h00 +00:00 jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
4.3