jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak canonicalization algorithm to apply to the SignedInfo part of the Signature.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Santuario_xml_security_for_java | Apache | 1.4.7 (including) | 1.4.7 (including) |
Santuario_xml_security_for_java | Apache | 1.5.0 (including) | 1.5.0 (including) |
Santuario_xml_security_for_java | Apache | 1.5.1 (including) | 1.5.1 (including) |
Santuario_xml_security_for_java | Apache | 1.5.2 (including) | 1.5.2 (including) |
Santuario_xml_security_for_java | Apache | 1.5.3 (including) | 1.5.3 (including) |
Santuario_xml_security_for_java | Apache | 1.5.4 (including) | 1.5.4 (including) |