CVE-2013-2153

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."

Published: Aug 20, 2013
Updated: Nov 9, 2025
CVE: CVE-2013-2153
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
apache / xml_security_for_c++	1.6.0	1.6.0.x
apache / xml_security_for_c++	1.1.0	1.1.0.x
apache / xml_security_for_c++	1.6.1	1.6.1.x
apache / xml_security_for_c++	1.2.1	1.2.1.x
apache / xml_security_for_c++	1.5.1	1.5.1.x
apache / xml_security_for_c++	1.5.0	1.5.0.x
apache / xml_security_for_c++	0.2.0	0.2.0.x
apache / xml_security_for_c++	1.3.0	1.3.0.x
apache / xml_security_for_c++	-	1.7.0.x
apache / xml_security_for_c++	1.4.0	1.4.0.x
apache / xml_security_for_c++	1.3.1	1.3.1.x
apache / xml_security_for_c++	1.2.0	1.2.0.x
apache / xml_security_for_c++	0.1.0	0.1.0.x

Vulnerability Database

317,828

CVE-2013-2153

Deep Security Visibility Without the Complexity