Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.apache.santuario/xmlsec@1.4.0

Type maven

Namespace org.apache.santuario

Name xmlsec

Version 1.4.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.1.7

Latest_non_vulnerable_version 3.0.3

Affected_by_vulnerabilities

url VCID-64x5-tgkj-9qb9

vulnerability_id VCID-64x5-tgkj-9qb9

summary jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1207.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1207.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1208.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1208.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1209.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1209.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1217.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1217.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1218.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1218.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1219.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1219.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1220.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1220.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1375.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1375.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1437.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1437.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1853.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1853.html

reference_url

http://rhn.redhat.com/errata/RHSA-2014-0212.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2014-0212.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-2172

reference_id

reference_type

scores

value	0.05394
scoring_system	epss
scoring_elements	0.90137
published_at	2026-04-21T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90081
published_at	2026-04-01T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90084
published_at	2026-04-02T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90095
published_at	2026-04-04T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.901
published_at	2026-04-07T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90115
published_at	2026-04-08T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90121
published_at	2026-04-09T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.9013
published_at	2026-04-11T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90129
published_at	2026-04-12T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90123
published_at	2026-04-13T12:55:00Z

value	0.05394
scoring_system	epss
scoring_elements	0.90141
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-2172

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172

reference_url

http://seclists.org/fulldisclosure/2014/Dec/23

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2014/Dec/23

reference_url

https://github.com/apache/santuario-java

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java

reference_url

https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590

reference_url

https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f

reference_url

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E

reference_url

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-2172

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-2172

reference_url

http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded

reference_url

https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846

reference_url

http://www.debian.org/security/2014/dsa-3065

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2014/dsa-3065

reference_url

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

reference_url

http://www.ubuntu.com/usn/USN-2028-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2028-1

reference_url

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375
reference_id	720375
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=999263
reference_id	999263
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=999263

reference_url

http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

reference_id

CVE-2013-2172.TXT.ASC

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc

reference_url

https://github.com/advisories/GHSA-r237-w2w6-jq3p

reference_id

GHSA-r237-w2w6-jq3p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r237-w2w6-jq3p

reference_url	https://access.redhat.com/errata/RHSA-2013:1207
reference_id	RHSA-2013:1207
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1207

reference_url	https://access.redhat.com/errata/RHSA-2013:1208
reference_id	RHSA-2013:1208
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1208

reference_url	https://access.redhat.com/errata/RHSA-2013:1209
reference_id	RHSA-2013:1209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1209

reference_url	https://access.redhat.com/errata/RHSA-2013:1217
reference_id	RHSA-2013:1217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1217

reference_url	https://access.redhat.com/errata/RHSA-2013:1218
reference_id	RHSA-2013:1218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1218

reference_url	https://access.redhat.com/errata/RHSA-2013:1219
reference_id	RHSA-2013:1219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1219

reference_url	https://access.redhat.com/errata/RHSA-2013:1220
reference_id	RHSA-2013:1220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1220

reference_url	https://access.redhat.com/errata/RHSA-2013:1375
reference_id	RHSA-2013:1375
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1375

reference_url	https://access.redhat.com/errata/RHSA-2013:1437
reference_id	RHSA-2013:1437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1437

reference_url	https://access.redhat.com/errata/RHSA-2013:1853
reference_id	RHSA-2013:1853
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1853

reference_url	https://access.redhat.com/errata/RHSA-2014:0212
reference_id	RHSA-2014:0212
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0212

reference_url	https://access.redhat.com/errata/RHSA-2014:0400
reference_id	RHSA-2014:0400
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:0400

reference_url	https://access.redhat.com/errata/RHSA-2014:1369
reference_id	RHSA-2014:1369
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1369

reference_url	https://usn.ubuntu.com/2028-1/
reference_id	USN-2028-1
reference_type
scores
url	https://usn.ubuntu.com/2028-1/

fixed_packages

url pkg:maven/org.apache.santuario/xmlsec@1.4.8

purl pkg:maven/org.apache.santuario/xmlsec@1.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46y3-rx34-pyc6

vulnerability	VCID-h8wa-77tk-m3av

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8

url pkg:maven/org.apache.santuario/xmlsec@1.5.5

purl pkg:maven/org.apache.santuario/xmlsec@1.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46y3-rx34-pyc6

vulnerability	VCID-h8wa-77tk-m3av

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.5

aliases CVE-2013-2172, GHSA-r237-w2w6-jq3p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64x5-tgkj-9qb9

url VCID-6q4h-4h6p-nufq

vulnerability_id VCID-6q4h-4h6p-nufq

summary Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via unknown vectors related to Security.

references

reference_url	http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
reference_id
reference_type
scores
url	http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d

reference_url

https://access.redhat.com/errata/RHSA-2014:0414

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:0414

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-5823.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-5823

reference_id

reference_type

scores

value	0.04936
scoring_system	epss
scoring_elements	0.89636
published_at	2026-04-21T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89588
published_at	2026-04-01T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89591
published_at	2026-04-02T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89604
published_at	2026-04-04T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89605
published_at	2026-04-07T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89622
published_at	2026-04-08T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89627
published_at	2026-04-09T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89634
published_at	2026-04-11T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89633
published_at	2026-04-12T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89626
published_at	2026-04-13T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89641
published_at	2026-04-16T12:55:00Z

value	0.04936
scoring_system	epss
scoring_elements	0.89642
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-5823

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5823

reference_url

https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java/commit/55a48497dfbf3fe63a81e67c13160b3f41ebb1f3

reference_url

https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java/commit/cea3c91106fb8be35e2f1bb3f1fe0cfddd0ec710

reference_url

https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/apache/santuario-java/commit/f9a61f2df9473237aa71308c28113540b4063d33

reference_url

https://issues.apache.org/jira/browse/SANTUARIO-334

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/jira/browse/SANTUARIO-334

reference_url

https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-updates/2013-11/msg00023.html

reference_url

https://marc.info/?l=bugtraq&m=138674031212883&w=2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://marc.info/?l=bugtraq&m=138674031212883&w=2

reference_url

https://marc.info/?l=bugtraq&m=138674073720143&w=2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://marc.info/?l=bugtraq&m=138674073720143&w=2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-5823

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-5823

reference_url

https://security.gentoo.org/glsa/glsa-201406-32.xml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/glsa-201406-32.xml

reference_url	http://svn.apache.org/viewvc?view=revision&revision=1367492
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=1367492

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1019145
reference_id	1019145
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1019145

reference_url	https://bugzilla.redhat.com/CVE-2013-5823
reference_id	CVE-2013-5823
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2013-5823

reference_url

https://github.com/advisories/GHSA-8gwc-x7mg-7p7p

reference_id

GHSA-8gwc-x7mg-7p7p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8gwc-x7mg-7p7p

reference_url	https://security.gentoo.org/glsa/201401-30
reference_id	GLSA-201401-30
reference_type
scores
url	https://security.gentoo.org/glsa/201401-30

reference_url	https://security.gentoo.org/glsa/201406-32
reference_id	GLSA-201406-32
reference_type
scores
url	https://security.gentoo.org/glsa/201406-32

reference_url	https://access.redhat.com/errata/RHSA-2013:1440
reference_id	RHSA-2013:1440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1440

reference_url	https://access.redhat.com/errata/RHSA-2013:1447
reference_id	RHSA-2013:1447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1447

reference_url	https://access.redhat.com/errata/RHSA-2013:1451
reference_id	RHSA-2013:1451
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1451

reference_url	https://access.redhat.com/errata/RHSA-2013:1505
reference_id	RHSA-2013:1505
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1505

reference_url	https://access.redhat.com/errata/RHSA-2013:1507
reference_id	RHSA-2013:1507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1507

reference_url	https://access.redhat.com/errata/RHSA-2013:1508
reference_id	RHSA-2013:1508
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1508

reference_url	https://access.redhat.com/errata/RHSA-2013:1793
reference_id	RHSA-2013:1793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1793

reference_url	https://usn.ubuntu.com/2033-1/
reference_id	USN-2033-1
reference_type
scores
url	https://usn.ubuntu.com/2033-1/

reference_url	https://usn.ubuntu.com/2089-1/
reference_id	USN-2089-1
reference_type
scores
url	https://usn.ubuntu.com/2089-1/

fixed_packages

url pkg:maven/org.apache.santuario/xmlsec@1.4.8

purl pkg:maven/org.apache.santuario/xmlsec@1.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46y3-rx34-pyc6

vulnerability	VCID-h8wa-77tk-m3av

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.8

url pkg:maven/org.apache.santuario/xmlsec@1.5.3

purl pkg:maven/org.apache.santuario/xmlsec@1.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46y3-rx34-pyc6

vulnerability	VCID-64x5-tgkj-9qb9

vulnerability	VCID-h8wa-77tk-m3av

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.5.3

aliases CVE-2013-5823, GHSA-8gwc-x7mg-7p7p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6q4h-4h6p-nufq

url VCID-z7ht-bq8z-3qgd

vulnerability_id VCID-z7ht-bq8z-3qgd

summary

XML signature HMAC truncation authentication bypass
This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0217.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-0217

reference_id

reference_type

scores

value	0.01986
scoring_system	epss
scoring_elements	0.83541
published_at	2026-04-02T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.83581
published_at	2026-04-08T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.83557
published_at	2026-04-07T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.83556
published_at	2026-04-04T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.83529
published_at	2026-04-01T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.83605
published_at	2026-04-11T12:55:00Z

value	0.01986
scoring_system	epss
scoring_elements	0.8359
published_at	2026-04-09T12:55:00Z

value	0.0222
scoring_system	epss
scoring_elements	0.84514
published_at	2026-04-21T12:55:00Z

value	0.0222
scoring_system	epss
scoring_elements	0.84512
published_at	2026-04-18T12:55:00Z

value	0.0222
scoring_system	epss
scoring_elements	0.84491
published_at	2026-04-13T12:55:00Z

value	0.0222
scoring_system	epss
scoring_elements	0.84495
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-0217

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=511915

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=511915

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0217

reference_url

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-041

reference_url

https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://gitlab.gnome.org/Archive/xmlsec/-/commit/34b349675af9f72eb822837a8772cc1ead7115c7

reference_url

https://issues.apache.org/bugzilla/show_bug.cgi?id=47526

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/bugzilla/show_bug.cgi?id=47526

reference_url

https://issues.apache.org/bugzilla/show_bug.cgi?id=47527

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.apache.org/bugzilla/show_bug.cgi?id=47527

reference_url

https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html

reference_url

https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html

reference_url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html

reference_url

https://marc.info/?l=bugtraq&m=125787273209737&w=2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://marc.info/?l=bugtraq&m=125787273209737&w=2

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2009-0217

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2009-0217

reference_url

https://rhn.redhat.com/errata/RHSA-2009-1428.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://rhn.redhat.com/errata/RHSA-2009-1428.html

reference_url

https://svn.apache.org/viewvc?revision=794013&view=revision

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://svn.apache.org/viewvc?revision=794013&view=revision

reference_url	http://svn.apache.org/viewvc?view=revision&revision=794013
reference_id
reference_type
scores
url	http://svn.apache.org/viewvc?view=revision&revision=794013

reference_url

https://www.debian.org/security/2010/dsa-1995

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2010/dsa-1995

reference_url

https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

reference_url

https://www.kb.cert.org/vuls/id/466161

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/466161

reference_url

https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/MAPG-7TSKXQ

reference_url

https://www.kb.cert.org/vuls/id/WDON-7TY529

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.kb.cert.org/vuls/id/WDON-7TY529

reference_url

https://www.mandriva.com/security/advisories?name=MDVSA-2009:209

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.mandriva.com/security/advisories?name=MDVSA-2009:209

reference_url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html

reference_url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html

reference_url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00494.html

reference_url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00505.html

reference_url

https://www.redhat.com/support/errata/RHSA-2009-1694.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.redhat.com/support/errata/RHSA-2009-1694.html

reference_url

https://www.ubuntu.com/usn/USN-903-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.ubuntu.com/usn/USN-903-1

reference_url

https://www.us-cert.gov/cas/techalerts/TA09-294A.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.us-cert.gov/cas/techalerts/TA09-294A.html

reference_url

https://www.w3.org/2008/06/xmldsigcore-errata.html#e03

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.w3.org/2008/06/xmldsigcore-errata.html#e03

reference_url

https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html

reference_url

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.us-cert.gov/cas/techalerts/TA10-159B.html

reference_url	https://bugzilla.redhat.com/CVE-2009-0217
reference_id	CVE-2009-0217
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2009-0217

reference_url

https://github.com/advisories/GHSA-8hfm-837h-hjg5

reference_id

GHSA-8hfm-837h-hjg5

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8hfm-837h-hjg5

reference_url	https://security.gentoo.org/glsa/201206-13
reference_id	GLSA-201206-13
reference_type
scores
url	https://security.gentoo.org/glsa/201206-13

reference_url	https://security.gentoo.org/glsa/201408-19
reference_id	GLSA-201408-19
reference_type
scores
url	https://security.gentoo.org/glsa/201408-19

reference_url	https://access.redhat.com/errata/RHSA-2009:1200
reference_id	RHSA-2009:1200
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1200

reference_url	https://access.redhat.com/errata/RHSA-2009:1201
reference_id	RHSA-2009:1201
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1201

reference_url	https://access.redhat.com/errata/RHSA-2009:1428
reference_id	RHSA-2009:1428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1428

reference_url	https://access.redhat.com/errata/RHSA-2009:1636
reference_id	RHSA-2009:1636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1636

reference_url	https://access.redhat.com/errata/RHSA-2009:1637
reference_id	RHSA-2009:1637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1637

reference_url	https://access.redhat.com/errata/RHSA-2009:1649
reference_id	RHSA-2009:1649
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1649

reference_url	https://access.redhat.com/errata/RHSA-2009:1650
reference_id	RHSA-2009:1650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2009:1650

reference_url	https://access.redhat.com/errata/RHSA-2010:0043
reference_id	RHSA-2010:0043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2010:0043

reference_url	https://usn.ubuntu.com/814-1/
reference_id	USN-814-1
reference_type
scores
url	https://usn.ubuntu.com/814-1/

reference_url	https://usn.ubuntu.com/826-1/
reference_id	USN-826-1
reference_type
scores
url	https://usn.ubuntu.com/826-1/

reference_url	https://usn.ubuntu.com/903-1/
reference_id	USN-903-1
reference_type
scores
url	https://usn.ubuntu.com/903-1/

fixed_packages

url pkg:maven/org.apache.santuario/xmlsec@1.4.3

purl pkg:maven/org.apache.santuario/xmlsec@1.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-46y3-rx34-pyc6

vulnerability	VCID-64x5-tgkj-9qb9

vulnerability	VCID-6q4h-4h6p-nufq

vulnerability	VCID-h8wa-77tk-m3av

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.3

aliases CVE-2009-0217, GHSA-8hfm-837h-hjg5

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ht-bq8z-3qgd

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.santuario/xmlsec@1.4.0

Package Instance