XML Signature Bypass in Apache Santuario for Java
CVE-2014-8152

Currently unrated

Key Information:

Vendor: Apache
Status: Santuario Xml Security For Java
Vendor: CVE Published:; 21 January 2015

Summary

Apache Santuario XML Security for Java versions prior to 2.0.3 are susceptible to a vulnerability that allows remote attackers to bypass the streaming XML signature protection. This is achievable by exploiting crafted XML documents, which can lead to unauthorized actions and data exposure. Addressing this vulnerability is essential to maintain the integrity and security of applications utilizing the XML security library.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/99993

vdb-entryx_refsource_XF

http://santuario.apache.org/secadv.data/CVE-2014-8152.txt...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/72115

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Oct 10, 2014