4.3

CVSS Score

Basic Information

CVE ID

CVE-2013-4517

GHSA ID

GHSA-4p4w-6h54-g885

EPSS Score

0.93766%

CWE

CWE-20

Published

5/13/2022

Updated

3/5/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2013-4517

CVE-2013-4517:
Improper Input Validation in Apache Santuario XML Security

Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.

(GitHub Advisory)

4.3

CVSS Score

Basic Information

CVE ID

CVE-2013-4517

GHSA ID

GHSA-4p4w-6h54-g885

EPSS Score

0.93766%

CWE

CWE-20

Published

5/13/2022

Updated

3/5/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.santuario:xmlsec	maven	< 1.5.6	1.5.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*p**** S*ntu*rio XML S**urity *or J*v* ***or* *.*.*, w**n *pplyin* Tr*ns*orms, *llows r*mot* *tt**k*rs to **us* * **ni*l o* s*rvi** (m*mory *onsumption) vi* *r**t** *o*um*nt Typ* ***initions (*T*s), r*l*t** to si*n*tur*s.

Reasoning

No *n*lysis *v*il**l*

4.3

Basic Information

Concerned about an active attack path?

CVE-2013-4517: Improper Input Validation in Apache Santuario XML Security

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2013-4517:
Improper Input Validation in Apache Santuario XML Security

Vulnerability Intelligence
Miggo AI