Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29488
HistoryJul 01, 2013 - 12:00 a.m.

CVE-2013-2210

2013-07-0100:00:00
vulners.com
14
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.2

Description: The attempted fix to address CVE-2013-2154 introduced the
possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code.

An attacker could use this to exploit an application performing
signature verification if the application does not block the
evaluation of such references prior to performing the verification
step. The exploit would occur prior to the actual verification of
the signature, so does not require authenticated content.

Mitigation: Applications that do not otherwise prevent the evaluation of
XPointer expressions during signature verification and are using library
versions older than V1.7.2 should upgrade as soon as possible. Distributors
of older versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=r1496703

Credit: This issue was reported by Jon Erickson of iSIGHT Partners Labs

References:
http://santuario.apache.org/
http://santuario.apache.org/secadv.data/CVE-2013-2154.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBCgAGBQJRy4zwAAoJEDeLhFQCJ3lin88QALve0Q1GXUQMQsJeqpS2IKI0
FUHhlVhOBVUOjhT3Q1+TfXHqTubJ6Rb6sAhPHB1YzKkeJwyWcRVKi4/1AVGcp3Nq
e1fBNz3zrLQpYyjkmoPxUv/SADRtn8mbED1/WAJ2K3iQJ951FWkDpC8MTJhlJBEJ
FUh6hXMZJpiA4KGidsAJDpvsqZhOAUKDwxD7s0rdmadc+/dB2PigDXcJxgdG9Dz3
eQYS+UkvhUCAIU8TxJaCqEECGYAe015AikbroMHUdhmNsP4otke2HOBz1xcs8YCb
KyNlm0HmQ7S4Qv0UEeAyCzHXITAw7lRD5tp7/y9ZcHbLPZHAgMtFmcup5O7/xrVb
h9Mh+uZ1C2atEPd/ME3/JqNDSAzxcT+Wa3SEQrnQXUVfpomE3Pztg3EUYPL8x/ln
WO+pobIyTMPTEQ1rTI3LPliG8JDU4QS1HY+VQzlspNsVF2buDrOprgKAYx3MWnz3
/YvThnNNumXx7EjX/KN5RVmLavWSfJSGk725dYcaePAtLNIBHIWbkvZitsJSlrg7
0mTj8eAza79/UYWaWyz0zzd1y5bYq0m582hwSI9r45hdB32agvi5IqkAxhswBHTk
B2xga2QZynAmJGHBmvPXq8fmwFw7VOZ6H+M55fNCHnb4XA96OZGb5+aZCRX2m5+X
Gf+o5DTdMpinSzoT2ax2
=hZu/
-----END PGP SIGNATURE-----

Related

debian 4
freebsd 1
prion 2
securityvulns 4
nessus 4
ubuntucve 2
openvas 4
debiancve 2
seebug 1
cve 2
mageia 1
osv 2
debian
debian
[SECURITY] [DSA 2717-1] xml-security-c security update
2013-06-28 15:17:18
[SECURITY] [DSA 2717-1] xml-security-c security update
2013-06-28 15:17:18
[SECURITY] [DSA 2710-1] xml-security-c security update
2013-06-18 15:44:22
freebsd
freebsd
apache-xml-security-c -- heap overflow during XPointer evaluation
2013-06-27 00:00:00
prion
prion
Heap overflow
2013-08-20 22:55:00
Stack overflow
2013-08-20 22:55:00
securityvulns
securityvulns
[SECURITY] [DSA 2717-1] xml-security-c security update
2013-07-01 00:00:00
xml-security-c security vulnerabilities
2013-07-01 00:00:00
CVE-2013-2154: Apache Santuario C++ stack overflow vulnerability
2013-07-01 00:00:00
nessus
nessus
Debian DSA-2717-1 : xml-security-c - heap overflow
2013-06-29 00:00:00
FreeBSD : apache-xml-security-c -- heap overflow during XPointer evaluation (81da673e-dfe1-11e2-9389-08002798f6ff)
2013-06-29 00:00:00
Tenable SecurityCenter < 5.8.0 Multiple Vulnerabilities (TNS-2018-15)
2018-11-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-2154
2013-08-20 00:00:00
CVE-2013-2210
2013-08-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 2717-1 (xml-security-c - heap overflow)
2013-06-28 00:00:00
Debian Security Advisory DSA 2717-1 (xml-security-c - heap overflow)
2013-06-28 00:00:00
Debian Security Advisory DSA 2710-1 (xml-security-c - several vulnerabilities)
2013-06-18 00:00:00
debiancve
debiancve
CVE-2013-2210
2013-08-20 22:55:00
CVE-2013-2154
2013-08-20 22:55:00
seebug
seebug
Apache Santuario XML Security for C++ 堆缓冲区溢出漏洞
2013-06-28 00:00:00
cve
cve
CVE-2013-2210
2013-08-20 22:55:00
CVE-2013-2154
2013-08-20 22:55:00
mageia
mageia
Updated xml-security-c package fixes multiple security vulnerabilities
2013-07-01 23:12:07
osv
osv
xml-security-c - heap overflow
2013-06-28 00:00:00
xml-security-c - several
2013-06-18 00:00:00
JSON
Related for SECURITYVULNS:DOC:29488
debian4freebsd1prion2securityvulns4nessus4ubuntucve2openvas4debiancve2seebug1cve2mageia1osv2