Vulnerabilities > CVE-2014-8152 - 7PK - Security Features vulnerability in Apache Santuario XML Security for Java 2.0.0/2.0.1/2.0.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Common Weakness Enumeration (CWE)
References
- http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
- http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
- http://seclists.org/oss-sec/2015/q1/181
- http://seclists.org/oss-sec/2015/q1/181
- http://www.securityfocus.com/bid/72115
- http://www.securityfocus.com/bid/72115
- http://www.securitytracker.com/id/1031556
- http://www.securitytracker.com/id/1031556
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99993
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99993
- https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
- https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
- https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
- https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E