Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2013-2210

EPSS 1.56% · P82
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2013-2210

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Santuario 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Santuario是美国阿帕奇(Apache)基金会的一套实现XML的主要安全标准,它包含两个库:Apache XML Security for Java和Apache XML Security for C++。 Apache Santuario 1.7.1及之前版本存在缓冲区错误漏洞。上下文相关的攻击者可借助畸形的XPointer表达式,利用该漏洞造成拒绝服务(崩溃),也可能执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2013-2210

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2013-2210

Please Login to view more intelligence information

Same Patch Batch · n/a · 2013-08-20 · 30 CVEs total

CVE-2013-4959Puppet Enterprise 信息泄露漏洞
CVE-2013-4653多款Alcatel-Lucent OmniTouch产品跨站脚本漏洞
CVE-2013-5321AlienVault OSSIM 多个SQL注入漏洞
CVE-2013-5320mojoportal 跨站脚本漏洞
CVE-2013-5319Atlassian JIRA ’name‘参数跨站脚本漏洞
CVE-2013-5318Ginkgo CMS ‘rang’参数SQL注入漏洞
CVE-2013-5317RiteCMS 跨站脚本漏洞
CVE-2013-5316RiteCMS 跨站请求伪造漏洞
CVE-2013-5323TYPO3 Static Info Tables 未明跨站脚本漏洞
CVE-2013-5322TYPO3 CoolURI 未明SQL注入漏洞
CVE-2012-6582Drupal Spambot 模块跨站脚本漏洞
CVE-2013-4967Puppet Enterprise 信任管理漏洞
CVE-2013-4964Puppet Enterprise 权限许可和访问控制漏洞
CVE-2013-4962Puppet Enterprise 信任管理漏洞
CVE-2013-4961Puppet Enterprise 信息泄露漏洞
CVE-2013-2153Apache Santuario XML Security for C++ XML Signature 安全绕过漏洞
CVE-2013-4958Puppet Enterprise 授权问题漏洞
CVE-2013-4956Puppet和Puppet Enterprise 安全绕过漏洞
CVE-2013-4955Puppet Enterprise 登录页面开放重定向漏洞
CVE-2013-4762Puppet Enterprise 输入验证漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2013-2210

No comments yet

Leave a comment