Apache XML Security Multiple Vulnerabilities

Last Update Date: 19 Jun 2013 10:16 Release Date: 19 Jun 2013 3379 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities have been identified in Apache XML Security, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and compromise an application using the library.

  1. An error when processing certain XPointer expressions within the XML Signature Reference processing code can be exploited to cause a stack-based buffer overflow.
  2. An error when processing the length of HMAC-based XML signatures can be exploited to cause a crash.
  3. Another error when processing HMAC-based XML signatures can be exploited to spoof XML data. 
    Note: This vulnerability is caused due to the incomplete fix for CVE-2009-0217.
  4. An error when processing PrefixList attributes can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities #1 and #4 may allow execution of arbitrary code.

Impact

  • Denial of Service
  • Spoofing

System / Technologies affected

  • versions prior to 1.7.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to version 1.7.1

Vulnerability Identifier

Source

Related Link

Share with

Previous

Oracle Java Multiple Vulnerabilities

19 Jun 2013 3629 Views

Next

Apple Mac OS X Java Vulnerability

20 Jun 2013 3383 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY