Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-6426
Last Modified 07 Jan 2013 12:00:00
Published 01 Jan 2013 10:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-6426

Summary

LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data.

Vulnerable Systems

Application

  • Lemonldap-ng Lemonldap:: 0.6
  • Lemonldap-ng Lemonldap:: 0.7
  • Lemonldap-ng Lemonldap:: 0.8
  • Lemonldap-ng Lemonldap:: 0.8.1
  • Lemonldap-ng Lemonldap:: 0.8.2
  • Lemonldap-ng Lemonldap:: 0.8.3
  • Lemonldap-ng Lemonldap:: 0.9
  • Lemonldap-ng Lemonldap:: 0.9.1
  • Lemonldap-ng Lemonldap:: 0.9.2
  • Lemonldap-ng Lemonldap:: 0.9.3
  • Lemonldap-ng Lemonldap:: 0.9.4
  • Lemonldap-ng Lemonldap:: 1.0
  • Lemonldap-ng Lemonldap:: 1.0.1
  • Lemonldap-ng Lemonldap:: 1.0.2
  • Lemonldap-ng Lemonldap:: 1.0.3
  • Lemonldap-ng Lemonldap:: 1.0.4
  • Lemonldap-ng Lemonldap:: 1.0.5
  • Lemonldap-ng Lemonldap:: 1.0.6
  • Lemonldap-ng Lemonldap:: 1.1.0
  • Lemonldap-ng Lemonldap:: 1.1.1
  • Lemonldap-ng Lemonldap:: 1.1.2
  • Lemonldap-ng Lemonldap:: 1.2.0
  • Lemonldap-ng Lemonldap:: 1.2.1
  • Lemonldap-ng Lemonldap:: 1.2.2


References

MLIST - [oss-security] 20121220 Re: [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

MLIST - [oss-security] 20121219 [CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

CONFIRM - http://jira.ow2.org/browse/LEMONLDAP-570


Last Updated: 27 May 2016 11:01:30