| ID |
CVE-2014-8152
|
| Summary |
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:santuario_xml_security_for_java:2.0.2:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 17-09-2021 - 11:15) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-254 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| refmap
via4
|
| bid | 72115 | | confirm | http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc | | mlist | - [oss-security] 20150119 New Apache Santuario security advisory CVE-2014-8152
- [santuario-commits] 20190823 svn commit: r1049214 - in /websites/production/santuario/content: cache/main.pageCache download.html index.html javaindex.html javareleasenotes.html secadv.data/CVE-2019-12400.asc secadv.html
| | sectrack | 1031556 | | xf | apache-santuario-cve20148152-sec-bypass(99993) |
|
| Last major update |
17-09-2021 - 11:15 |
| Published |
21-01-2015 - 18:59 |
| Last modified |
17-09-2021 - 11:15 |
