Apache Software Foundation Santuario XML Security for Java 1.1

CPE Details

Apache Software Foundation Santuario XML Security for Java 1.1
1.1
2020-01-14
18h40 +00:00
2020-01-14
18h40 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:apache:santuario_xml_security_for_java:1.1:*:*:*:*:*:*:*

Informations

Vendor

apache

Product

santuario_xml_security_for_java

Version

1.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-44483 2023-10-20 09h23 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.
6.5
Moyen
CVE-2021-40690 2021-09-18 22h00 +00:00 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.
7.5
Haute
CVE-2013-4517 2014-01-11 00h00 +00:00 Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
4.3