Описание
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:oasis-open:oasis_digital_signature_services:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00132
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.
EPSS
Процентиль: 33%
0.00132
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-347