CVE-2014-8152

Summary

CVE	CVE-2014-8152
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2015-01-21 18:59:00 UTC
Updated	2023-11-07 02:22:00 UTC
Description	Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

Risk And Classification

Problem Types: CWE-254

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Santuario Xml Security For Java	2.0.0	All	All	All
Application	Apache	Santuario Xml Security For Java	2.0.1	All	All	All
Application	Apache	Santuario Xml Security For Java	2.0.2	All	All	All
Application	Apache	Santuario Xml Security For Java	2.0.0	All	All	All
Application	Apache	Santuario Xml Security For Java	2.0.1	All	All	All
Application	Apache	Santuario Xml Security For Java	2.0.2	All	All	All

References

Reference	Source	Link	Tags
Apache Santuario Streaming XML Signature Bug Lets Remote Users Bypass Signature Verification - SecurityTracker	SECTRACK	www.securitytracker.com
[santuario-commits] 20210917 svn commit: r1076843 - in /websites/production/santuario/content: cache/main.pageCache index.html javaindex.html secadv.data/CVE-2021-40690.txt.asc secadv.html		lists.apache.org
Pony Mail!		lists.apache.org
oss-sec: New Apache Santuario security advisory CVE-2014-8152	MLIST	seclists.org
Apache Santuario 'XML Signature Verification' Security Bypass Vulnerability	BID	www.securityfocus.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc	CONFIRM	santuario.apache.org	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.