Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2011-1411
Last Modified 10 Oct 2013 11:34:32
Published 02 Sep 2011 07:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1411

Summary

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."

Vulnerable Systems

Application

  • Shibboleth Opensaml 2.4.0

  • Shibboleth Opensaml 2.4.1

  • Shibboleth Opensaml 2.4.2

  • Shibboleth Opensaml 2.5.0

  • Shibboleth-identity-provider 2.0.0

  • Shibboleth-identity-provider 2.1.0

  • Shibboleth-identity-provider 2.1.1

  • Shibboleth-identity-provider 2.1.2

  • Shibboleth-identity-provider 2.1.3

  • Shibboleth-identity-provider 2.1.4

  • Shibboleth-identity-provider 2.1.5

  • Shibboleth-identity-provider 2.2.0

  • Shibboleth-identity-provider 2.2.1

  • Shibboleth-identity-provider 2.3.0

  • Shibboleth-identity-provider 2.3.1


References

DEBIAN - DSA-2284

CONFIRM - http://shibboleth.internet2.edu/secadv/secadv_20110725.txt

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

SECUNIA - 50994

MANDRIVA - MDVSA-2013:150


Last Updated: 27 May 2016 10:57:27