CVE-2013-2153
EPSS 0.83%xml-security-c - several
發布日:2013/8/20修改日:2026/4/28
描述
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."
受影響套件(2)
- Debian/xml-security-cfrom 0, < 1.6.1-6
- Debian/xml-security-cfrom 0, < 1.5.1-3+squeeze2