CVE-2013-2172

EIP tracks 2 public exploits for CVE-2013-2172. PoCs published by dawetmaster, andikahilmy.

AI-analyzed exploit summary This repository contains functional Java code demonstrating CVE-2013-2172, a vulnerability in Apache Santuario XML Security for Java. The code includes samples for generating and validating XML signatures, which can be used to exploit the vulnerability.

jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache Santuario XML Security for Java 1.4.x before 1.4.8 and 1.5.x before 1.5.5 allows context-dependent attackers to spoof an XML Signature by using the CanonicalizationMethod parameter to specify an arbitrary weak "canonicalization algorithm to apply to the SignedInfo part of the Signature."