Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-8152

Good to know:

icon
icon

Date: January 21, 2015

Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows remote attackers to bypass the streaming XML signature protection mechanism via a crafted XML document.

Language: Java

Severity Score

Related Resources (14)

https://nvd.nist.gov/vuln/detail/CVE-2014-8152
http://www.securityfocus.com/bid/72115
http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd@%3Ccommits.santuario.apache.org%3E
http://www.securitytracker.com/id/1031556
https://github.com/apache/santuario-java/commit/55857fd4cdfdb1af4069170ecdac448c078f544e
https://lists.apache.org/thread.html/r1c07a561426ec5579073046ad7f4207cdcef452bb3100abaf908e0cd%40%3Ccommits.santuario.apache.org%3E
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3%40%3Ccommits.santuario.apache.org%3E
http://seclists.org/oss-sec/2015/q1/181
https://svn.apache.org/viewvc?view=revision&revision=1634334
https://exchange.xforce.ibmcloud.com/vulnerabilities/99993
https://lists.apache.org/thread.html/680e6938b6412e26d5446054fd31de2011d33af11786b989127d1cc3@%3Ccommits.santuario.apache.org%3E
https://github.com/apache/santuario-java
https://www.mend.io/vulnerability-database/CVE-2014-8152

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Security Features

CWE-254

Top Fix

icon

Upgrade Version

Upgrade to version codelab/flaskphp-identity-smartid - no_fix;codelab/flaskphp-identity-smartid - v1.4.1;codelab/flaskphp-identity-smartid - v1.0.0;org.apache.cxf.services.sts:cxf-services-sts-war:3.0.3;org.apache.santuario:xmlsec:2.0.3;org.apache.cxf.services.xkms:cxf-services-xkms-war:3.0.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us