Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache Santuario 加密问题漏洞
Vulnerability Description
Apache Santuario是美国阿帕奇(Apache)基金会的一套实现XML的主要安全标准,它包含两个库:Apache XML Security for Java和Apache XML Security for C++。 Apache Santuario 1.4.8之前的1.4.x版本和1.5.5之前的1.5.x版本存在加密问题漏洞。攻击者利用该漏洞可以伪造XML签名。
CVSS Information
N/A
Vulnerability Type
N/A