The implementation of XML digital signatures in the Santuario-C++ library is vulnerable to a spoofing issue allowing an attacker to reuse existing signatures with arbitrary content. The vulnerability affects only applications that do not perform proper checking/analysis of the content of the Reference elements in the Signature, but the bug exacerbates this problem by opening such applications to attacks using arbitrary content, instead of just attacks involving malicious, but signed, content. Versions prior to 1.7.1 are affected.
f4cc52eebffe98291d0852b7719520ff57e20f3844e5293b69e302a109d1c520Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.
9115a6092e44a563c15e997a4b11c3f9292f19c14422c4354bf87e64e409defa
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed