CVE-2013-2172

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

`jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java` in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

`jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java` in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java en Apache Santuario XML Security para Java 1.4.x anterior a 1.4.8 y 1.5.x anterior a 1.5.5 , permite a atacantes dependientes del contexto suplantar una firma XML utilizando el parámetro "CanonicalizationMethod" para especificar la debilidad arbitraria: "canonización del algoritmo a aplicar para la parte SignedInfo de la firma".