Search for vulnerabilities
Vulnerability details: VCID-z1y7-dhpx-4yh1
Vulnerability ID VCID-z1y7-dhpx-4yh1
Aliases CVE-2013-2172
GHSA-r237-w2w6-jq3p
Summary
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
CWE-407 Inefficient Algorithmic Complexity
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-310 Cryptographic Issues
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-290 Authentication Bypass by Spoofing
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1207.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1208.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1209.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1217.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1218.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1219.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1220.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1375.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1437.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2013-1853.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0212.html
generic_textual MODERATE http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.04052 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
epss 0.06913 https://api.first.org/data/v1/epss?cve=CVE-2013-2172
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/Dec/23
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-r237-w2w6-jq3p
generic_textual MODERATE https://github.com/apache/santuario-java
generic_textual MODERATE https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590
generic_textual MODERATE https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f
generic_textual MODERATE https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-2172
generic_textual MODERATE http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h
generic_textual MODERATE https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded
generic_textual MODERATE https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846
generic_textual MODERATE http://www.debian.org/security/2014/dsa-3065
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2028-1
generic_textual MODERATE http://www.vmware.com/security/advisories/VMSA-2014-0012.html
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2013-1207.html
http://rhn.redhat.com/errata/RHSA-2013-1208.html
http://rhn.redhat.com/errata/RHSA-2013-1209.html
http://rhn.redhat.com/errata/RHSA-2013-1217.html
http://rhn.redhat.com/errata/RHSA-2013-1218.html
http://rhn.redhat.com/errata/RHSA-2013-1219.html
http://rhn.redhat.com/errata/RHSA-2013-1220.html
http://rhn.redhat.com/errata/RHSA-2013-1375.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://rhn.redhat.com/errata/RHSA-2013-1853.html
http://rhn.redhat.com/errata/RHSA-2014-0212.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2172.json
http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
https://api.first.org/data/v1/epss?cve=CVE-2013-2172
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2172
http://seclists.org/fulldisclosure/2014/Dec/23
https://github.com/apache/santuario-java
https://github.com/apache/santuario-java/commit/25e0e11493b061749f778030036cb5c406b34590
https://github.com/apache/santuario-java/commit/8e8f8bf92a43608d7d5f9e357fae19244454a61f
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2013-2172
http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java?r1=1353876&r2=1493772&pathrev=1493772&diff_format=h
https://web.archive.org/web/20160317145515/http://www.securityfocus.com/archive/1/534161/100/0/threaded
https://web.archive.org/web/20200228060314/http://www.securityfocus.com/bid/60846
http://www.debian.org/security/2014/dsa-3065
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.ubuntu.com/usn/USN-2028-1
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
720375 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720375
999263 https://bugzilla.redhat.com/show_bug.cgi?id=999263
GHSA-r237-w2w6-jq3p https://github.com/advisories/GHSA-r237-w2w6-jq3p
RHSA-2013:1207 https://access.redhat.com/errata/RHSA-2013:1207
RHSA-2013:1208 https://access.redhat.com/errata/RHSA-2013:1208
RHSA-2013:1209 https://access.redhat.com/errata/RHSA-2013:1209
RHSA-2013:1217 https://access.redhat.com/errata/RHSA-2013:1217
RHSA-2013:1218 https://access.redhat.com/errata/RHSA-2013:1218
RHSA-2013:1219 https://access.redhat.com/errata/RHSA-2013:1219
RHSA-2013:1220 https://access.redhat.com/errata/RHSA-2013:1220
RHSA-2013:1375 https://access.redhat.com/errata/RHSA-2013:1375
RHSA-2013:1437 https://access.redhat.com/errata/RHSA-2013:1437
RHSA-2013:1853 https://access.redhat.com/errata/RHSA-2013:1853
RHSA-2014:0212 https://access.redhat.com/errata/RHSA-2014:0212
RHSA-2014:0400 https://access.redhat.com/errata/RHSA-2014:0400
RHSA-2014:1369 https://access.redhat.com/errata/RHSA-2014:1369
USN-2028-1 https://usn.ubuntu.com/2028-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.8807
EPSS Score 0.04052
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T07:58:43.696238+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 37.0.0