Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2011-4314
Last Modified 14 Feb 2013 11:50:40
Published 27 Jan 2012 10:55:04
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4314

Summary

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.

Vulnerable Systems

Application

  • Kay Framework Project Kay Framework 0.0.0

  • Kay Framework Project Kay Framework 0.1.0

  • Kay Framework Project Kay Framework 0.2.0

  • Kay Framework Project Kay Framework 0.3.0

  • Kay Framework Project Kay Framework 0.8.0

  • Kay Framework Project Kay Framework 1.0.0

  • Kay Framework Project Kay Framework 1.0.1

  • Openid4java 0.9.2

  • Openid4java 0.9.3

  • Openid4java 0.9.4.339

  • Openid4java 0.9.5.593

  • Redhat Jboss Enterprise Application Platform 5.1.0

  • Redhat Jboss Enterprise Application Platform 5.1.1

  • Redhat Jboss Enterprise Application Platform 5.1.2


References

CONFIRM - https://issues.jboss.org/browse/SOA-3597

CONFIRM - https://issues.jboss.org/browse/JBEPP-1368

REDHAT - RHSA-2011:1804

MLIST - [oss-security] 20111116 Re: CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information

MLIST - [oss-security] 20111116 CVE Request: openid4java not properly verifying the signature of Attribute Exchange (AX) information

SECTRACK - 1026400

SECUNIA - 44496

CONFIRM - http://openid.net/2011/05/05/attribute-exchange-security-alert/

REDHAT - RHSA-2012:0519

REDHAT - RHSA-2012:0441

SECUNIA - 48697

SECUNIA - 48954


Last Updated: 27 May 2016 10:58:07