Back to bug 999263
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| David Jorm | 2013-08-21 04:14:04 UTC | CC | weli | |
| David Jorm | 2013-08-21 04:27:56 UTC | Blocks | 999265 | |
| David Jorm | 2013-08-23 03:13:22 UTC | Whiteboard | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,jboss/xml-security=new | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,jboss/xml-security=new |
| David Jorm | 2013-08-23 04:02:34 UTC | Whiteboard | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,jboss/xml-security=new | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=affected,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected |
| David Jorm | 2013-08-23 04:07:25 UTC | Depends On | 1000238 | |
| David Jorm | 2013-08-23 04:07:45 UTC | Depends On | 1000239 | |
| David Jorm | 2013-08-23 04:08:05 UTC | Depends On | 1000240 | |
| David Jorm | 2013-08-23 04:08:20 UTC | Depends On | 1000241 | |
| David Jorm | 2013-08-23 04:08:33 UTC | Depends On | 1000242 | |
| David Jorm | 2013-08-23 04:08:57 UTC | Depends On | 1000243 | |
| David Jorm | 2013-08-23 04:09:19 UTC | Depends On | 1000244 | |
| David Jorm | 2013-08-23 04:50:24 UTC | Blocks | 980700 | |
| David Jorm | 2013-08-23 05:10:49 UTC | Blocks | 970481 | |
| David Jorm | 2013-08-26 02:00:00 UTC | Whiteboard | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=affected,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=wontfix,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected |
| David Jorm | 2013-08-28 05:38:13 UTC | Blocks | 956239 | |
| David Jorm | 2013-09-05 07:17:54 UTC | Blocks | 1004652 | |
| David Jorm | 2013-09-13 05:45:21 UTC | Blocks | 1007672 | |
| David Jorm | 2013-11-04 06:19:21 UTC | Blocks | 1026176 | |
| Chess Hazlett | 2014-04-15 02:30:46 UTC | CC | chazlett | |
| Chess Hazlett | 2014-06-25 23:19:17 UTC | Blocks | 1113315 | |
| Martin Prpič | 2014-10-09 11:42:18 UTC | Doc Text | A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. | |
| Chess Hazlett | 2014-10-09 18:24:30 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2014-10-09 14:24:30 UTC | |||
| Ján Rusnačko | 2014-10-10 08:08:14 UTC | CC | jrusnack | |
| Whiteboard | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=wontfix,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=wontfix,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected,cwe=CWE-290 | ||
| John Skeoch | 2014-10-21 00:05:22 UTC | CC | mjc | |
| Product Security DevOps Team | 2019-09-29 13:07:30 UTC | Whiteboard | impact=moderate,public=20130625,reported=20130820,source=cve,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,eap-4/xmlsec=wontfix,epp-4/xmlsec=wontfix,soap-4.2/xmlsec=wontfix,soap-4.3/xmlsec=wontfix,eap-5/xmlsec=affected,eap-6/xmlsec=affected,brms-5/xmlsec=affected,soap-5/xmlsec=affected,jpp-6/xmlsec=affected,epp-5/xmlsec=wontfix,jon-3.1/xmlsec=affected,jboss/fuse-enterprise-esb-7=affected,jboss/fuse-6=affected,cwe=CWE-290 |
Back to bug 999263