Apache XML Security Multiple Vulnerabilities

ID: IRCAD2013062743
Release Date: 2013-06-18
Criticality level: Highly critical
 
Software:
Apache XML Security (C++) 1.x
 
Description:
Multiple vulnerabilities have been reported in Apache XML Security, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and compromise an application using the library.
1) An error when processing certain XPointer expressions within the XML Signature Reference processing code can be exploited to cause a stack-based buffer overflow.
2) An error when processing the length of HMAC-based XML signatures can be exploited to cause a crash.
3) Another error when processing HMAC-based XML signatures can be exploited to spoof XML data.
4) An error when processing PrefixList attributes can be exploited to cause a heap-based buffer overflow.
Successful exploitation of vulnerabilities #1 and #4 may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 1.7.1.
 
Solution:
Update to version 1.7.1.
 
References:
Apache Santuario:
 
Secunia:
 

Date created: 29 Khordad 1392
