Apache XML Security Information for VU#466161

XML signature HMAC truncation authentication bypass



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The Apache XML Security Java implementation (http://santuario.apache.org) is affected. The vulnerability will be fixed in version 1.4.3. The final release of version 1.4.3 is targeted for mid-late July. Please subscribe to the mailing

list (http://santuario.apache.org/mail-lists.html) for more details.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.