VDB

RHSA-2013%3A1375

RHSA-2013%3A1375 PUBLISHED CVSS 5.800000190734863 MEDIUM

A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.

Risk Scores

CVSS 2.0
5.800000190734863

Affected Products

VendorProductVersions
Red HatJBoss Enterprise BRMS Platform 5.3

Timeline

  • Sep 30, 2013 CVE Published
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›