CVE-2013-2153
xml-security-c - several
EPSS 0.83%
Description
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."
How to fix CVE-2013-2153
To remediate CVE-2013-2153, upgrade the affected package to a fixed version below.
- Debian/xml-security-c—upgrade to 1.6.1-6 or later
- Debian/xml-security-c—upgrade to 1.5.1-3+squeeze2 or later
Is CVE-2013-2153 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.6.1-6
- from 0, < 1.5.1-3+squeeze2