The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka XML Signature Bypass issue.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Xml_security_for_c++ | Apache | * | 1.7.0 (including) |
| Xml_security_for_c++ | Apache | 0.1.0 (including) | 0.1.0 (including) |
| Xml_security_for_c++ | Apache | 0.2.0 (including) | 0.2.0 (including) |
| Xml_security_for_c++ | Apache | 1.1.0 (including) | 1.1.0 (including) |
| Xml_security_for_c++ | Apache | 1.2.0 (including) | 1.2.0 (including) |
| Xml_security_for_c++ | Apache | 1.2.1 (including) | 1.2.1 (including) |
| Xml_security_for_c++ | Apache | 1.3.0 (including) | 1.3.0 (including) |
| Xml_security_for_c++ | Apache | 1.3.1 (including) | 1.3.1 (including) |
| Xml_security_for_c++ | Apache | 1.4.0 (including) | 1.4.0 (including) |
| Xml_security_for_c++ | Apache | 1.5.0 (including) | 1.5.0 (including) |
| Xml_security_for_c++ | Apache | 1.5.1 (including) | 1.5.1 (including) |
| Xml_security_for_c++ | Apache | 1.6.0 (including) | 1.6.0 (including) |
| Xml_security_for_c++ | Apache | 1.6.1 (including) | 1.6.1 (including) |
| Xml-security-c | Ubuntu | lucid | * |
| Xml-security-c | Ubuntu | precise | * |
| Xml-security-c | Ubuntu | quantal | * |
| Xml-security-c | Ubuntu | raring | * |
| Xml-security-c | Ubuntu | upstream | * |